
Why I’m Building Zeppelin

by Manuel Araoz

The purpose of this post is to update my personal vision of Zeppelin and Zeppelin’s projects, as their founder and CTO. This is my own personal perspective, and some Zeppelin team members may not be aligned with my views. However, several people told me it would be helpful if they could read my understanding of this topic as a base for further discussions, to inform long-term planning and product design. If nothing else, it has been useful to write it as a personal log.

Zeppelin (the Company)

As an organization and team, we work to build technology that helps bring freedom to the world. I believe in the power of technology to change the world by enabling new ways of doing things and opening new doors. I see a unique opportunity today to empower people who have very few resources: writing code is almost free, and it can have a huge impact in the world.

Personally, I don’t agree with how many things in the legacy world are done. Some old traditions, institutions, and ideas are being carried over from the days before we invented the Internet, and they bring injustice and suffering to millions.

  • People die of hunger in a world of abundance.
  • Nations force people to pick up guns and kill strangers for reasons they don’t understand.
  • People are forced to waste time in unnecessary and meaningless processes.
  • People are forced to pay for things they don’t want (e.g., war).
  • Many have lost trust in the elites that govern us and watch over the “common good”.
  • Our education system prepares kids for an industrial world that no longer exists.

These are all consequences of a system that was the most efficient way of doing things at one point in time: a world based on paper, industry, and big institutions that take care of our needs and worries. But the world has changed now, and its systems need an update. We have more efficient technologies and better tools for deciding for ourselves. This will affect how we choose to spend our time, how we grow personally and professionally, and how we create value for others. I think we’ll see many major changes in how the world operates, and I want Zeppelin to be a big part of that, accelerating, leading, shepherding, and enabling the changes we’re most aligned with.

One such change I personally align with strongly is enhancing the empowerment the Internet has brought to humanity. Roughly 1.2 million new users connect to the Internet for the first time every day, instantly gaining access to most of human knowledge and the biggest human tribe. We still haven’t seen the full potential of this wonder realized.

OpenZeppelin

Our flagship and most-loved project, which made us rename the company from Smart Contract Solutions to Zeppelin Solutions — and later Zeppelin, because everyone called us “the Zeppelin guys.”

The vision of this project is to be a community-built standard of secure smart contracts.

 

[Figure omitted. Source: https://npm-stat.com/]

We launched the project two years ago, just before DEVCON2 in Shanghai, as a very ambitious (and, at the time, seemingly crazy) initiative: smart contract development in 2016 was very chaotic and fragmented, and major hacks happened every month. We managed to get initial community support because, although we were new to the Ethereum space, we brought in some successes from the early Bitcoin days on our shoulders.

After two years of existence, I think we have achieved the original goal of becoming the community standard for smart contract development. We have 150+ contributors from all over the world, independent and working for different companies, 2,000+ forks, ~6,000 stars, and we’ve been on top of the industry’s needs, so much so that it’s now seen as the place to look for reference implementations of EIPs.

We recently launched the 2.0 release, which stabilizes the API, is audited, and has 100% test coverage. This allows us to maintain our hard-earned position guiding the work of our amazing community.

Zeppelin Research

We started performing security audits as a way to push the industry to grow and mature. By helping key projects achieve their goals without being hacked, we also built our team’s technical understanding of smart contract development and learned valuable lessons to guide OpenZeppelin development.

Audits were a great strategy to achieve profitability as a company (which means ensuring our long-term survival and achievement of goals) and to grow our network of allies in the space. Many big names such as the Ethereum Foundation, Augur, and DFINITY became close with us after we worked with them on audits, because they loved our work style, values, and output.

In general, consulting (audits are a specific form of consulting) is a great way to make a company viable in a nascent industry. Given the uncertainty of the pace at which a new technology will grow, consulting means getting paid to build expertise and ride the wave. In our case, audits were key to making Zeppelin what we are today: technical thought leaders, one of the most respected teams in the industry, and a beloved brand.

ZeppelinOS

The need for and idea of ZeppelinOS originated from our audit and OpenZeppelin work. By working with our clients, we discovered that the fear of being hacked or of contracts being buggy was the main reason they were paying us good money for our audits and using OpenZeppelin’s community-vetted contracts.

By working closely with more than 50 projects (the link reports only the public audits we did) in the space in our audits and developing OpenZeppelin, we found that smart contract development had lots of pain beyond standardization and security (which we tackled quite successfully with OZ). We discovered that all smart contract developers shared the same pain points:

  • Smart contract DX is hell.
  • Lack of proper development and testing tooling.
  • Understanding smart contract tech is hard (few good education resources).
  • It’s very hard to maintain and operate a production smart contract.
  • Any bugs found in production are very costly to fix (via redeployment and state migrations): see, for example, Augur’s REP token migration, which cost ~$20k in gas and extra money in consulting fees to us, and both teams worked full time on it for 10 days.
  • Each contract is built separately and monolithically with no interaction or shared code.

Given that at Zeppelin we’ve been working with smart contracts since they were a nascent technology (early smart contract work we did dates to 2012), we’re not afraid of their rough edges. We’ve been working with smart contracts on different platforms (Bitcoin scripting, off-chain Bitcoin transactions, and now Ethereum) and are ready to work on whatever the industry is using.

Additionally, our experience playing with smart contracts since the early days makes us very well positioned to tackle these problems head-on and as our main focus. That’s why we decided to create ZeppelinOS, an initiative to make secure smart contract development a breeze.

Since we started thinking about it almost a year ago, we announced it, gathered some community interest behind us (in the form of enthusiasm and investment), and launched the MVP version at ETHBuenosAires, which tackled the two most pressing needs: smart contract maintainability through an upgradeability system, and proper code reusability.

The next steps for ZeppelinOS, tackled in v2, which we recently announced at DEVCON4, decentralize the trust by which on-chain code is made secure, by:

  1. supporting multiple dependencies in the form of EVM packages, and
  2. paving the road for a secure code ecosystem where experts can share their analysis of existing code.

What Our 2019 Will Look Like

We’re in a privileged position in the blockchain space: we have a strong brand, an amazing team, a healthy business model, and we’re tackling real problems of real people who are willing to pay money for our solutions.

So 2019 will be a very important year for us: the financial downturn of cryptoassets will make many companies in the space go out of business, and the focus of conversations will go back to building. For us, this means focusing even more strongly on working with the best projects in the space (those that will most likely survive) and continuing to be sustainable (profitable) while investing in long-term development of the core technologies that will realize our vision.

  • For Zeppelin the company, we’ll stay lean and continue having the highest standards for hiring, both in terms of vision alignment and culture (our work values). Staying lean will make us survive, and keeping our standards high is our long-term investment.
  • For OpenZeppelin, we’ll consolidate the project’s community and learning resources for it to become not only the standard in code quality but also in documentation and contributor experience. This will help bring more developers into the space and will serve as an example of how to build other great EVM packages.
  • For Zeppelin Research, we’ve recently created a dedicated team (previously, the whole technical team took turns auditing), and we’re looking to find a sustainable working methodology that combines audits and open-ended research. This will allow us to continue working with strategic projects in the space, helping them be safe from errors and attacks, while learning and exploring new technologies that will nurture our other projects.
  • For ZeppelinOS, after the v2 release, we’re working with our private beta partners to test our initial implementation of the ZEP token mechanics, while giving support to our current users of upgradeability mechanisms and EVM packages, aiming to become the standard in smart contract upgradeability and code reuse. Next, we’ll work on turning ZeppelinOS into the best smart contract development and operation platform out there. This will reduce the barriers to entry to blockchain technology, allowing more people to bring their ideas to production dapps.

It’s going to be fun! If what you just read resonates with you, contact us to explore working together. Thanks for reading!