Bootstrapping a Developer Ecosystem with Zeppelin


by Ramon Recuero

Zeppelin’s suite of tools (OpenZeppelin, ZeppelinOS, ZepKit) provides a strong foundation to kickstart an ecosystem of decentralized systems.

Most of the work we’ve done at Zeppelin has been focused on the Ethereum ecosystem. We help the best companies in the space secure their decentralized systems end to end, including their smart contracts, compilers, and applications. We’ve performed security audits for Augur, Brave, Coinbase, and even Ethereum’s very own Solidity compiler.

Performing security audits is a good way to push decentralized systems to grow and mature, but Zeppelin is far from being just a security consulting company. Our products have received major recognition, traction, and support from the community. Notably, OpenZeppelin has become the de facto standard for secure smart contract development. More than 12% of the tokens built on Ethereum use this standard, and more than 3,500 repositories depend on it. OpenZeppelin has surpassed 500,000 cumulative downloads and is growing at over 15,000 downloads per week. The popularity of OpenZeppelin is such that it is even used by the Solidity and RSK teams to test their compiler code.

In this post, we are going to cover how Zeppelin’s suite of tools can help an EVM-based blockchain (later WASM) bootstrap its developer ecosystem through three different use cases.

Use case #1: Stablecoin

During the last few months, the demand for stablecoins has been rising. Big companies like JP Morgan, Gemini, Coinbase & Circle, and Bitfinex have released their own fiat-backed stablecoins.

Let’s see how to build a stablecoin using Zeppelin’s suite of tools. Coinbase and Circle’s USDC Coin has been developed following this very same pattern, and we are going to use their process as an illustrative example.

Building from a standard (ERC-20)

First of all, we can leverage the existing ERC-20 implementation from OpenZeppelin so our stablecoin can benefit from the interface that every other token uses. Functions like ‘transfer’, ‘mint’, ‘burn’ and ‘approve’ are already part of the interface.

Let’s see how Coinbase and Circle’s USDC did it (code here):

Let’s highlight a few key implementation points:

  • USDC builds on top of OpenZeppelin ERC-20. This ensures automatic compliance with the standard interface that exchanges, wallets, custodians and other providers use.
  • ‘Minting’ and ‘Burning’ can be paused. This provides a safety mechanism in case a bug is discovered, or the code needs to be upgraded or changed.
  • Keeps a list of minters that are the only ones allowed to emit/burn new tokens. Every minter has an allowance they cannot exceed. Only the master minter can add/remove minters.
  • Keeps a list of blacklisted addresses to comply with AML regulations. This allows the owner of the contract to freeze assets that are associated with criminal activity.
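
The four points above, sketched as an added example (this is not the USDC source and not code from the original post). It assumes OpenZeppelin Contracts v5.x and Solidity 0.8.20 or later; the contract name, token name and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Assumption: OpenZeppelin Contracts v5.x import paths and the _update hook.
import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";

// Hypothetical contract for illustration; not the USDC source.
contract SketchStablecoin is ERC20, Ownable, Pausable {
    address public immutable masterMinter;
    mapping(address => bool) public isMinter;
    mapping(address => uint256) public minterAllowance; // remaining mint budget
    mapping(address => bool) public blacklisted;

    modifier onlyMasterMinter() { require(msg.sender == masterMinter, "not master minter"); _; }
    modifier onlyMinter() { require(isMinter[msg.sender], "not a minter"); _; }

    constructor(address owner_, address masterMinter_) ERC20("Sketch USD", "sUSD") Ownable(owner_) {
        masterMinter = masterMinter_;
    }
    // Add a minter, or reset the remaining allowance of an existing one.
    function configureMinter(address minter, uint256 cap) external onlyMasterMinter {
        isMinter[minter] = true;
        minterAllowance[minter] = cap;
    }

    function removeMinter(address minter) external onlyMasterMinter {
        isMinter[minter] = false;
        minterAllowance[minter] = 0;
    }

    // Each mint draws down the caller's allowance, so a compromised minter key is capped.
    function mint(address to, uint256 amount) external whenNotPaused onlyMinter {
        require(amount <= minterAllowance[msg.sender], "exceeds minter allowance");
        minterAllowance[msg.sender] -= amount;
        _mint(to, amount);
    }

    function burn(uint256 amount) external whenNotPaused onlyMinter { _burn(msg.sender, amount); }
    function setBlacklisted(address account, bool flag) external onlyOwner { blacklisted[account] = flag; }
    function pause() external onlyOwner { _pause(); }
    function unpause() external onlyOwner { _unpause(); }

    // v5 routes every mint, burn and transfer through _update, so one check covers all three.
    function _update(address from, address to, uint256 value) internal override {
        require(!blacklisted[from] && !blacklisted[to], "blacklisted account");
        super._update(from, to, value);
    }
}
```

Here the owner holds both the pause and blacklist powers, as the list describes; a production token would normally split these into separate roles so that one key does not control everything.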

Thanks to the OpenZeppelin library, a project can deliver a fully functional stablecoin in a matter of days with the highest standards of security, saving hundreds of hours in development time.

Upgrading the coin

What happens if you want to make changes after you have deployed to mainnet? What if you discover a critical bug similar to that which MakerDAO experienced? Luckily, USDC Coin uses ZeppelinOS to provide seamless upgradeability through the Unstructured Storage Proxy Pattern. This pattern has been used by many projects in the space, allowing developers to write, deploy, operate and upgrade any smart contract project securely.

As we can see in the code below, the owner of the USDC contract can upgrade the coin anytime by calling the ‘upgradeTo’ function. The owner of the stablecoin can be a single Ethereum address or a contract that implements a more complex governance structure (e.g., a multisig scheme).
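
A minimal sketch of the unstructured storage proxy pattern, added here as an example (it is not the ZeppelinOS or USDC code, and not code from the original post). The contract name, slot labels and error strings are hypothetical; only ‘upgradeTo’ comes from the text above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical proxy for illustration; not the ZeppelinOS or USDC source.
contract SketchUpgradeableProxy {
    // "Unstructured" storage: the proxy keeps its own state at hash-derived slots
    // instead of slots 0, 1, ..., which belong to the implementation's variables
    // because delegatecall runs the implementation against the proxy's storage.
    bytes32 private constant IMPL_SLOT = keccak256("sketch.proxy.implementation");
    bytes32 private constant OWNER_SLOT = keccak256("sketch.proxy.owner");
    event Upgraded(address indexed implementation);

    constructor(address implementation_, address owner_) {
        _store(OWNER_SLOT, owner_);
        _setImplementation(implementation_);
    }

    // The owner may be a single address or a governance contract such as a multisig.
    function upgradeTo(address newImplementation) external {
        require(msg.sender == _load(OWNER_SLOT), "proxy: caller is not owner");
        _setImplementation(newImplementation);
    }

    function _setImplementation(address impl) private {
        // A delegatecall to an address without code succeeds and does nothing.
        require(impl.code.length > 0, "proxy: implementation has no code");
        _store(IMPL_SLOT, impl);
        emit Upgraded(impl);
    }

    function _load(bytes32 slot) private view returns (address value) {
        assembly { value := sload(slot) }
    }
    function _store(bytes32 slot, address value) private {
        assembly { sstore(slot, value) }
    }

    // Non-payable: the proxy forwards calls to the implementation but rejects ETH.
    fallback() external {
        address impl = _load(IMPL_SLOT);
        assembly {
            calldatacopy(0, 0, calldatasize())
            let ok := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            if iszero(ok) { revert(0, returndatasize()) }
            return(0, returndatasize())
        }
    }
}
```

Because state lives in the proxy, a new implementation must keep the storage layout of the previous one and only append variables. The key behind the owner address can replace all token logic, which is why it deserves the strongest protection in the system.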

Use case #2: Package Registry

One recurrent problem we see is developers copying and pasting code from libraries to start their own projects. Besides duplicating code and increasing gas expenditure, this process is error-prone and increases the probability of introducing a vulnerability.

We created EVM packages to address this issue within ZeppelinOS. Instead of wasting resources redeploying library code every time a project needs it, developers can link to packages, called EVM packages, that have already been deployed to the blockchain. EVM packages address a couple of additional issues:

  • When relying on a language-specific package manager, such as npm or PyPI, you depend on a centralized repository of packages. This dependency translates into trusting the repository to maintain the integrity of your dependencies and to guarantee their availability.
  • This trust chain is made even worse if your dependencies include only the source of the smart contracts you are working with. This means that you may end up compiling your dependencies using a different compiler than the one they were tested with.

EVM packages guarantee that every single version will be forever available and immutable at the specific address where it has been published. Package creators can release new versions and developers can update their links to point to these latest versions.

ZeppelinOS already provides an initial registry of EVM packages for Ethereum. Gnosis Safe, the most popular wallet in Ethereum, together with Livepeer, LevelK, and TPL have developed libraries that can be leveraged by other smart contract developers.

A trusted registry within a public blockchain provides a Schelling point for developers, a place that they can rely on to find a reliable set of contracts to build upon. It is worth noting that we are already working with several companies to kickstart their development ecosystem.

Use case #3: Platform as a Service (PaaS)

At Zeppelin, we believe that user onboarding and scalability are the two major roadblocks that are preventing decentralized systems from reaching mass adoption. To accelerate this, we provide an end-to-end platform to deliver decentralized applications powered by blockchain technology.

We are committed to providing a professional-grade set of tools to help everyone develop game-changing applications. Applications that provide unique benefits that are tangible to people. Apps, not DApps, with the same user experience people are used to. Apps that provide a unique value without forcing the consumer to know about crypto to use them.

As a first step, we recently launched Zepkit, a suite of trusted tools to help developers create web applications powered by blockchain technologies.



Shortly afterward, we announced a partnership with TabooKey to release the Gas Station Network. Gas Station Network is an elegant solution to help DApps (or let’s just call them Apps) assume the transaction cost of their users. This means that users don’t need to install browser extensions, purchase cryptocurrencies or know how to protect their private keys. Zeppelin and TabooKey bringing the Gas Station Network into production will be the culmination of months of momentum building up around meta transactions: gasless transactions that allow users to start interacting with an application in seconds.

We are constantly evolving our products. If you want to stay tuned, visit our ZeppelinOS website and sign up for updates.