OpenZeppelin Contracts 4.1

This new release introduces UUPS proxies as a cheaper alternative to Transparent proxies. Additionally, a new ERC20 extension allows easy creation of tokens with built-in flash minting, and a new small utility contract provides a function batching mechanism that requires no extra work to set up. Read on to learn more!

Get Started

Use our Contracts Wizard to learn more and quickly bootstrap your code.

Install from npm for local development:

  • npm install @openzeppelin/contracts
  • npm install @openzeppelin/contracts-upgradeable for upgradeable contracts

Finally, if you’re looking for an easy way to manage and automate operations for the contracts you deploy, you can learn more about OpenZeppelin Defender and sign up for a free account.


UUPS Proxies

The recent upgrade to the Ethereum network, called “Berlin”, includes a repricing EIP that makes storage access significantly more expensive. A contract that is particularly affected by this repricing is the Transparent Proxy, which powers upgradeable smart contracts. Every call to such a proxy reads two different storage positions: implementation and admin addresses. While the first is strictly necessary for an upgradeable proxy contract, the second is only necessary for the transparent proxy pattern specifically, as explained in this post. Thus, we’ve been working to provide an alternative that does not incur this extra cost.

This release of OpenZeppelin Contracts includes a new UUPSUpgradeable contract that is used to implement the UUPS proxy pattern. The difference with Transparent proxies, in short, is that the upgrade mechanism resides on the implementation, as opposed to the proxy. As a consequence, the proxy is smaller and cheaper to deploy and use. When using this proxy pattern, users will inherit UUPSUpgradeable in their upgradeable contracts and deploy with an ERC1967Proxy.

To make all of this easy, we’re also releasing a new version of OpenZeppelin Upgrades Plugins that adds an option to choose a proxy pattern:

await upgrades.deployProxy(ContractFactory, { kind: 'uups' })

Please note that as of this announcement these proxy contracts have not been independently audited, though they have been through our internal review process.

A final note for those interested in giving UUPS proxies a try. As we mentioned before, Transparent proxies include the concept of an admin, the account that is allowed to upgrade the proxy. UUPS proxies, on the other hand, do not come with such a built-in access control mechanism for upgrades. When inheriting UUPSUpgradeable, you will be forced to define one by implementing the abstract function _authorizeUpgrade. You can use one of our access control contracts for this, and if you missed it check out our recent workshop on Setting Up Access Control.

We’ve set up a new documentation page listing all of our tooling and resources related to upgradeability. Check it out.

Multicall

A new contract called Multicall, based on code from ENS resolvers, can be used to easily allow users to batch multiple function calls in a single transaction. This works by adding the function multicall(bytes[] calldata data), where each of the items in the array must encode a function call to the contract. Batching multiple function calls guarantees atomicity, and saves gas costs for users by sending a single transaction instead of many (keep in mind every transaction has a base cost of 21k gas) while also potentially reducing storage costs, since warm storage positions are cheaper to read or write since the Berlin upgrade.

More

ERC20FlashMint is a new ERC20 extension implementing the ERC3156 interface. This contract adds the flashLoan function to a token, allowing for flash minting: a mechanism for arbitrarily large loans granted as long as the full amount is returned in the same transaction. You will notice in the name of the file that the contract is a Draft, in the sense that the EIP may still change in breaking ways. Read about Drafts here.

Two additions to the cryptography tooling: EIP2098 short signature support in the ECDSA library, and SignatureChecker, a new signature verification library that supports both EOA and ERC1271 compliant contracts as signers, thus making it easy to support signatures for smart contract wallets like Argent.

Make sure to read the changelog for the full list of changes, including details of a small breaking change for users of TimelockController.

Get Started

Use our Contracts Wizard to learn more and quickly bootstrap your code.

Install from npm for local development:

  • npm install @openzeppelin/contracts
  • npm install @openzeppelin/contracts-upgradeable for upgradeable contracts

Finally, if you’re looking for an easy way to manage and automate operations for the contracts you deploy, you can learn more about OpenZeppelin Defender and sign up for a free account.