Table of Contents Summary Scope System Overview Security Model and Trust Assumptions Privileged Roles Low Severity Incomplete Docstrings Optimization for PRIMARY_FACTOR_ADDRESS and PRIMARY_CONDITIONAL_MULTIPLIER_ADDRESS Checks Floating Pragma Notes & Additional Information Ambiguous Call to Parent Contract Functions Updating State Without Event Emissions Lack of Indexed Event Parameters Post-EIP-6780 selfdestruct Does Not Delete Code Indecisive Licenses Unnecessary Data Field i...| OpenZeppelin Blog
Table of Contents Summary Scope System Overview Privileged Roles and Trust Assumptions Medium Severity Excess Gas Remains in SpokePool Fee Cap May Be Too Low Conclusion| OpenZeppelin Blog
Table of Contents Summary Scope System Overview New Contracts Diff Changes Security Model and Trust Assumptions Low Severity Currencies Do Not Accept a Bond By Default The RequestManagerAdded and RequestManagerRemoved Events Can Be Wrongfully Emitted Missing Interface Validation for Whitelist Contracts Missing Test Suite Problematic Whitelist Implementation Minimum Liveness Can Be Set Beyond Valid Bounds Notes & Additional Information Use of Storage Gaps for Upgradeability Inco...| OpenZeppelin Blog
OpenZeppelin achieves SOC 2 Type 2 certification, demonstrating institutional-grade security standards for leading Web3 companies and financial institutions. Learn how this milestone strengthens operational security beyond our smart contract expertise that has facilitated over $35 trillion in Total Value Transferred.| blog.openzeppelin.com
Table of contents Introduction What Does FHE Bring To The Table? Option 1: Adding FHE Computation Natively into the VM Option 2: Using an FHE Coprocessor Private Shared State What Can Be Built Using FHE? What OpenZeppelin is Working On| OpenZeppelin Blog
We are excited to launch Contracts UI Builder, a tool that helps you to spin up a quick React frontend for deployed smart contracts. This development wizard instantly generates complete dapp interfaces with wallet integration and multi-network support, eliminating the need to build contract interaction UIs from scratch.| OpenZeppelin Blog
OpenZeppelin's Notorious Bug Digest #4 analyzes critical Web3 vulnerabilities: deflationary token exploits, ERC4626 overrides, Permit2 DoS attacks, and Rust shift overflows. Essential reading for Web3 security professionals.| blog.openzeppelin.com
Table of Contents Summary Scope System Overview PEG-IN Process PEG-OUT Process Security Model and Trust Assumptions Privileged Roles High Severity Malicious Owner Can Mint Wrapped BTC From Arbitrary Bitcoin Transactions Medium Severity Potential Loss of Wrapped BTC Malicious Owner Can Mint to a Random Recipient Low Severity Functions Updating State Without Event Emissions Missing Docstrings Potential Loss of Ownership During Transfers Missing _disableInitializers Notes & Addition...| OpenZeppelin Blog
Table of Contents Summary Scope System Overview Core Mechanisms Price Oracles Asset Management Security Model and Trust Assumptions Privileged Roles By Contract Critical Severity Attacker can Lock User Funds through Redeem Function High Severity Flashloan Functionality is Blocked Pools Can Be Subject to Price Manipulation Leading to Early Liquidations or Arbitrage Medium Severity Flashloan Functionality Does Not Follow ERC-3156 Standard Redemption Waiting Can Be Gamed Pool at Cap...| OpenZeppelin Blog
This two-part series describes the current state of the ZKChain ecosystem and its internal procedures as of the time of writing. As the ecosystem evolves, some of the described features may be updated in the future.| blog.openzeppelin.com
OpenZeppelin conducted a differential audit of the OpenZeppelin/stellar-contracts repository at commit cf05a5d against commit d3741c3.| blog.openzeppelin.com
Mantle V2 is a layer 2 (L2) scaling solution for Ethereum that uses fraud proofs instead of validity proofs for its security. The protocol aims to provide low transaction fees and high throughput while maintaining full EVM compatibility. Mantle V2 is built on top of Ethereum using the OP Stack and therefore shares many similarities with Optimism. This audit particularly focuses on its L2 execution client which has been forked from Optimism's op-geth repository. While changes have been made in...| blog.openzeppelin.com
Mantle V2 is a layer 2 (L2) scaling solution for Ethereum that uses fraud proofs instead of validity proofs for its security. The protocol aims to provide low transaction fees and high throughput while maintaining full EVM compatibility. Mantle V2 is built on top of Ethereum using the OP Stack and therefore shares many similarities with Optimism. The op-node, op-batcher, and op-proposer components collectively comprise the consensus layer that keeps the chain running and glues all the other l...| blog.openzeppelin.com
$9 billion has been compromised through smart contract hacks across the industry so far, with $1.2 billion occurring in 2024 alone. These staggering figures highlight the pressing need for thorough security measures, and that’s where smart contract audits play a critical role.| blog.openzeppelin.com
We audited the Uniswap/v4-periphery repository at commit df47aa9 and the Uniswap/universal-router repository at commit 4ce107d. Smart Contract Audit.| blog.openzeppelin.com
Smart Contract Audit. We audited the Uniswap/v4-core repository at commit d5d4957 and found a Critical Severity Issue.| blog.openzeppelin.com
In 2024, OpenZeppelin executed thorough audits of Uniswap v4's Core, Periphery, and Universal Router, uncovering and resolving critical security issues. Following the audits, the Uniswap Foundation awarded OpenZeppelin a grant to develop the Uniswap v4 Hooks Library.| blog.openzeppelin.com
We audited the Fantom-foundation/Bridge repository at commit 558465d. Smart Contract Audit.| blog.openzeppelin.com
We audited the Fantom-foundation/Opera-Bridge repository at commit 730e10b3. Smart Contract Audit.| blog.openzeppelin.com