OpenZeppelin Blog

Introducing the OpenZeppelin Contracts Security Center

Written by OpenZeppelin | June 8, 2023

OpenZeppelin Contracts has been the gold standard open-source library for secure smart contract development since 2016. With over 1.5 million active contracts and $19 billion in total value locked, it has proven to be the go-to choice for developers in the Web3 ecosystem. Building on our commitment to establishing security accountability and transparency standards, we are excited to announce the launch of the OpenZeppelin Contracts Security Center, a comprehensive hub that provides invaluable insights into our secure development process. 

In-Depth Audit Reports for Uncompromised Security

OpenZeppelin Contracts has undergone rigorous auditing procedures, with a total of five audits conducted to date. These audits include, but are not limited to, a thorough examination of all new and changed contracts introduced in the v4.9 release in May 2023. Our audits are performed by OpenZeppelin Security Research, an independent entity separate from the Contracts Development team, as well as external audit firms. Funding for these audits is provided by OpenZeppelin and supported by grants, including those from the Ethereum Foundation. The Audit Report section reveals detailed information about each audit, along with direct links to the complete audit reports.

Enhanced Test Coverage and Verification

To maintain the highest level of quality and security, OpenZeppelin Contracts keeps unit test coverage above 99%. With the release of v4.9, we have further expanded our use of cutting-edge techniques such as fuzzing and formal verification, employing Certora for 100+ rules and invariants.

Timely Security Updates for Ongoing Protection

OpenZeppelin is committed to promptly addressing security concerns and providing necessary updates. We prioritize swift communication of security updates whenever required. The Security Updates section in the Security Center serves as a community record of all security advisories.

Bug Bounty Program: Encouraging Community Participation

OpenZeppelin maintains a bug bounty program through Immunefi. Since its inception in 2021, the program has paid out $13,200 in rewards. We take pride in our efficient resolution process, with an average response time of 11 hours, ranking us in the top 20% of projects.

Transparency Through Source Code and On-Chain Data

OpenZeppelin Contracts is publicly available on GitHub and can be accessed via NPM. As of June 2023, the open-source contracts library is downloaded over 300,000 times per week and has garnered more than 20,000 stars on GitHub. Notably, contracts utilizing OpenZeppelin have a combined worth of nearly $20 billion in total value locked and have processed over 50 million transactions to date.

OpenZeppelin prioritizes trust and transparency within the Web3 ecosystem. The launch of the Contracts Security Center reaffirms our dedication to providing the most secure and reliable smart contract libraries. Check out the Security Center for all the relevant security details regarding OpenZeppelin Contracts. If you’re interested in receiving an audit or security assessment from the leaders in blockchain security, be sure to request an audit.