Table of contents Introduction What Does FHE Bring To The Table? Option 1: Adding FHE Computation Natively into the VM Option 2: Using an FHE Coprocessor Private Shared State What Can Be Built Using FHE? What OpenZeppelin is Working On| OpenZeppelin Blog
We are excited to launch Contracts UI Builder, a tool that helps you to spin up a quick React frontend for deployed smart contracts. This development wizard instantly generates complete dapp interfaces with wallet integration and multi-network support, eliminating the need to build contract interaction UIs from scratch.| OpenZeppelin Blog
OpenZeppelin's Notorious Bug Digest #4 analyzes critical Web3 vulnerabilities: deflationary token exploits, ERC4626 overrides, Permit2 DoS attacks, and Rust shift overflows. Essential reading for Web3 security professionals.| blog.openzeppelin.com
Table of Contents Summary Scope System Overview PEG-IN Process PEG-OUT Process Security Model and Trust Assumptions Privileged Roles High Severity Malicious Owner Can Mint Wrapped BTC From Arbitrary Bitcoin Transactions Medium Severity Potential Loss of Wrapped BTC Malicious Owner Can Mint to a Random Recipient Low Severity Functions Updating State Without Event Emissions Missing Docstrings Potential Loss of Ownership During Transfers Missing _disableInitializers Notes & Addition...| OpenZeppelin Blog
Table of Contents Summary Scope System Overview Core Mechanisms Price Oracles Asset Management Security Model and Trust Assumptions Privileged Roles By Contract Critical Severity Attacker can Lock User Funds through Redeem Function High Severity Flashloan Functionality is Blocked Pools Can Be Subject to Price Manipulation Leading to Early Liquidations or Arbitrage Medium Severity Flashloan Functionality Does Not Follow ERC-3156 Standard Redemption Waiting Can Be Gamed Pool at Cap...| OpenZeppelin Blog
We are excited to launch Contracts MCP, a server‑based engine that brings OpenZeppelin’s Contracts proven security and style rules directly into any AI‑driven development workflow. Whether you’re writing code in Cursor, Claude, Gemini, Windsurf, or VS Code, Contracts MCP provides AI with the tools it needs to generate safe, correct, and production-ready contracts—no manual rule‑writing required.| OpenZeppelin Blog
Table of Contents Summary Scope System Overview Security Model and Trust Assumptions Privileged Roles Low Severity Incorrect Comment Missing Docstrings Rounding Errors in _burn May Leave Dust in Accounts Notes & Additional Information YieldStrippable.sol Should Be Renamed IBRLY Should Be in a Separate File _tryGetAssetDecimals Is Unused Claiming 0 Rewards Possible Unused Imports Conclusion| OpenZeppelin Blog
Table of Contents Summary Scope System Overview Security Model and Privileged Roles Deployment Price Feed Privileged Roles Low Severity Unlimited DEFAULT_ADMIN_ROLE Power Over ADMIN_ROLE and WHITELISTED_ROLE Unsafe Casting in getAnswer Function Differences Between CapyFi And Chainlink Oracles Missing State Change Validation Notes & Additional Information Lack of Security Contact Missing Named Parameters in Mappings Lack of Indexed Event Parameters Lack of Oracle Staleness Check...| OpenZeppelin Blog
Table of contents Introduction What does it mean to settle on Gateway? Universal ZKChain Settlement - The FullRootHash Log Inclusion Proofs Preliminaries Deposit Funds to a ZKChain Withdraw Funds From a ZKChain Proofs Needed: Finalizing Withdrawal on L1 L2 Log Inclusion Proof for an L1-settling ZKChain L3 Log Inclusion Proof for a Gateway-settling ZKChain Conclusion Introduction Welcome to Part II of our deep dive into the ZKStack's crosschain architecture. This two-part series explores th...| OpenZeppelin Blog
Table of Contents Summary Scope System Overview Order lifetime Dutch Auction Implementation Fees Whitelist Security Model and Trust Assumptions Privileged Roles Medium Severity Lack of Event Emission Low Severity Lack of External Documentation Missing Docstrings Notes & Additional Information transfer_ownership Performs Immediate Ownership Transfer Without Safeguards Ambiguous Use of "Owner" in Whitelist Program May Cause Confusion Misleading Underscore Prefix on Used Argument _n...| OpenZeppelin Blog
This two-part series describes the current state of the ZKChain ecosystem and its internal procedures as of the time of writing. As the ecosystem evolves, some of the described features may be updated in the future.| blog.openzeppelin.com
OpenZeppelin conducted a differential audit of the OpenZeppelin/stellar-contracts repository at commit cf05a5d against commit d3741c3.| blog.openzeppelin.com
In this tutorial, we'll explore how to effectively test your Stylus contracts using Motsu. If you're coming from a Solidity background with experience in tools like Foundry or Hardhat, you'll find many parallels that will help you get up to speed quickly.| blog.openzeppelin.com
This guide outlines some key considerations when designing a hook to suit your specific needs.| blog.openzeppelin.com
Mantle V2 is a layer 2 (L2) scaling solution for Ethereum that uses fraud proofs instead of validity proofs for its security. The protocol aims to provide low transaction fees and high throughput while maintaining full EVM compatibility. Mantle V2 is built on top of Ethereum using the OP Stack and therefore shares many similarities with Optimism. This audit particularly focuses on its L2 execution client which has been forked from Optimism's op-geth repository. While changes have been made in...| blog.openzeppelin.com
Mantle V2 is a layer 2 (L2) scaling solution for Ethereum that uses fraud proofs instead of validity proofs for its security. The protocol aims to provide low transaction fees and high throughput while maintaining full EVM compatibility. Mantle V2 is built on top of Ethereum using the OP Stack and therefore shares many similarities with Optimism. The op-node, op-batcher, and op-proposer components collectively comprise the consensus layer that keeps the chain running and glues all the other l...| blog.openzeppelin.com
$9 billion has been compromised through smart contract hacks across the industry so far, with $1.2 billion occurring in 2024 alone. These staggering figures highlight the pressing need for thorough security measures, and that’s where smart contract audits play a critical role.| blog.openzeppelin.com
We audited the Uniswap/v4-periphery repository at commit df47aa9 and the Uniswap/universal-router repository at commit 4ce107d. Smart Contract Audit.| blog.openzeppelin.com
Smart Contract Audit. We audited the Uniswap/v4-core repository at commit d5d4957 and found a Critical Severity Issue.| blog.openzeppelin.com
In 2024, OpenZeppelin executed thorough audits of Uniswap v4's Core, Periphery, and Universal Router, uncovering and resolving critical security issues. Following the audits, the Uniswap Foundation awarded OpenZeppelin a grant to develop the Uniswap v4 Hooks Library.| blog.openzeppelin.com
We audited the Fantom-foundation/Bridge repository at commit 558465d. Smart Contract Audit.| blog.openzeppelin.com
We audited the Fantom-foundation/Opera-Bridge repository at commit 730e10b3. Smart Contract Audit.| blog.openzeppelin.com