| Network | Launch Date | Consensus | Note |
| --- | --- | --- | --- |
| Sepolia | Oct 2021 | PoW | Like-for-like representation of Ethereum |
| Görli | Jan 2019 | PoA | Proof-of-Authority |
| Kiln | Mar 2022 | PoS | Post-Merge (for ETH2), shadow fork of the mainnet |
| Kintsugi | Dec 2021 | PoS | DEPRECATED, use Kiln; post-Merge (for ETH2) |
| Ropsten | Nov 2016 | PoW | DEPRECATED, use Sepolia; the Merge to happen on Jun 8, 2022 |
| Rinkeby | Apr 2017 | PoA | DEPRECATED, use Görli and Görli Faucet |
| Kovan | Mar 2017 | PoA | DEPRECATED, use Sepolia or Görli |
List of active and deprecated Ethereum testnets, including Kintsugi.
| Features | Optimistic rollup | ZK-rollup |
| --- | --- | --- |
| Proof | Uses fraud proofs to prove transaction validity. | Uses validity (zero-knowledge) proofs to prove transaction validity. |
| Capital efficiency | Requires waiting through a 1-week delay (dispute period) before withdrawing funds. | Users can withdraw funds immediately because validity proofs provide incontrovertible evidence of the authenticity of off-chain transactions. |
| Data compression | Publishes full transaction data as calldata to Ethereum Mainnet, which increases rollup costs. | Doesn't need to publish transaction data on Ethereum because ZK-SNARKs and ZK-STARKs already guarantee the accuracy of the rollup state. |
| EVM compatibility | Uses a simulation of the Ethereum Virtual Machine (EVM), which allows it to run arbitrary logic and support smart contracts. | Doesn't widely support EVM computation, although a few EVM-compatible ZK-rollups have appeared. |
| Rollup costs | Reduces costs since it publishes minimal data on Ethereum and doesn't have to post proofs for transactions, except in special circumstances. | Faces higher overhead from costs involved in generating and verifying proofs for every transaction block. ZK proofs require specialized, expensive hardware to create and have high on-chain verification costs. |
| Trust assumptions | Doesn't require a trusted setup. | Requires a trusted setup to work. |
| Liveness requirements | Verifiers are needed to keep tabs on the actual rollup state and the one referenced in the state root to detect fraud. | Users don't need someone to watch the L2 chain to detect fraud. |
| Security properties | Relies on cryptoeconomic incentives to assure users of rollup security. | Relies on cryptographic guarantees for security. |
OPENZEPPELIN OVERVIEW

What is OpenZeppelin? A Developer's Guide 2022

Security for Web3 Projects
Last Updated: April 25, 2022

What is OpenZeppelin?

OpenZeppelin is a crypto cybersecurity technology and services company. They provide an open-source framework for building secure smart contracts as well as comprehensive security audits for some of the largest DeFi and NFT projects. Their clients include notable projects such as the Ethereum Foundation, Coinbase, and Brave. 

Beyond audits, OpenZeppelin aims to bring greater security to the DeFi ecosystem by providing smart contract developers with a library of security tools. These products allow smart contract developers to focus more on deployment and less on security, allowing for faster launches and greater reliability. 

Today, OpenZeppelin powers over 3,000 public projects with its products. 

What are smart contracts?

Smart contracts are programs that are stored and run on the blockchain. Like real-world contracts, they describe agreements and set rules. However, they can also automatically enforce them. 

This “smart” behavior is possible because the terms of these agreements are written and executed as code on the blockchain. On Ethereum, the most popular smart contract platform, smart contracts are just like any account in that they have their own balance and can create transactions. 

Other users can send and receive funds from these smart contracts as well. Unlike normal contracts, these smart contracts are generally irreversible and cannot be deleted once deployed. 

Smart contracts are what enable developers to create decentralized applications and tokens. Much of the infrastructure required for decentralized finance is based on smart contracts, making complex financial processes such as insurance or lending possible.

Why do we need OpenZeppelin?

It goes without saying that security is key to any decentralized application. 

Previously, project teams had to write their own security infrastructure, which often left developers “reinventing the wheel.”

While writing smart contracts from scratch can be a nice learning exercise, it can be a dangerous practice in production. For smart contracts to be secure, they must be robust, and that cannot be achieved in a vacuum. It takes time and usage to ensure reliability, something not achievable from the get-go, especially for smaller projects.

With no clear standard for DeFi security, it becomes difficult to recognize a secure project. With each protocol coming with its own contract implementation, it becomes difficult to verify or recognize whether a protocol is even safe. 

Additionally, given how lucrative DeFi projects can be, it's not unheard of for developers to pass on security in favor of a quick launch. 

A classic example is YAM Finance, the now notorious yield farm sensation, which decided to forgo an expensive security audit. The YAM Finance protocol was created in just 10 days, and just 48 hours after its launch it had already accumulated $600M in assets.

However, due to a security liability found in its smart contract protocol, it had to be shut down. Given that users’ funds are at stake, a lack of security adherence can become disastrous.

While security audits are key to minimizing potential security vulnerabilities, they aren’t enough, especially in the case of YAM Finance. Quickly made projects like YAM are rarely going to undergo security audits given the cost, making it important for developers to have the right security tools from the start. 

What functionality does OpenZeppelin offer?

OpenZeppelin mitigates events like these by providing developers with out-of-box security tools and infrastructure. These products allow smart contract developers to continue focusing on deployment, rather than reinventing the wheel with their security infrastructure. 

The OpenZeppelin team likes to say a sound security foundation can now “take minutes instead of months.”

OpenZeppelin has two main products, Contracts and Defender.

OpenZeppelin’s Contracts is a library of secure smart contracts for Ethereum and other blockchains that developers are free to use. 

These open-source templates are community reviewed and use the most up-to-date security practices. One way OpenZeppelin achieves this is through their bug bounty hunter program, where the community can be rewarded for finding security vulnerabilities in OpenZeppelin’s contracts.

By reusing audited OpenZeppelin contracts, projects can greatly reduce their attack surface area, that is, the number of different points where an unauthorized party could theoretically attack. Further, given their modularity and standardization, collaboration and audits are significantly easier.

OpenZeppelin also provides an interactive contract generator with their Contracts Wizard. Developers can use the Wizard to create contracts using components from OpenZeppelin. Additionally, the Wizard lets you specify the type of contract (e.g., ERC20), parameters and features.

Once finished, the Wizard will generate the corresponding code ready to be deployed.

Here are a few examples of some of OpenZeppelin’s many built-in functionalities:

  • Access Control: OpenZeppelin’s access control allows developers to easily configure who is allowed to do what in their system. This infrastructure is critical to the security of any project, as a failure could lead to a system effectively being stolen.

OpenZeppelin Contracts provides both simple single-administrator ownership and flexible Role-Based Access Control functionality. Using these features, developers can safely assign who can mint tokens, vote on proposals, freeze transfers, and call other protected functions.

  • Governance: OpenZeppelin’s Governor contract provides an out-of-the-box governance protocol. On-chain governance is necessary for truly decentralized protocols and has become a central component of many. Community governance can make important decisions, such as parameter tweaking, smart contract upgrades, integrations with other protocols, treasury management, grants, etc. Since OpenZeppelin’s Contracts are highly modular, changes can often be introduced by creating new modules using Solidity inheritance, removing the need for a hard fork.
  • Tokens: OpenZeppelin has token contracts for many of the most common Ethereum standards, such as ERC20 and ERC721. Using this infrastructure, developers can deploy their own tokens along with many other capabilities like price monitoring, specified token transfer methods, purchase authentication, etc.
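
The Access Control and Tokens items above combine naturally in one contract. The following is an added example, not code from the original article or from OpenZeppelin: it assumes OpenZeppelin Contracts 4.x import paths and hooks, and the contract name, token name, and symbol are made up for illustration. It shows an ERC20 token where minting and freezing transfers are each gated by a separate role, so a single compromised key cannot do both.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.4;

// Added example. Assumes OpenZeppelin Contracts 4.x (4.4 or later for _grantRole);
// in 5.x the Pausable import path and the transfer hook differ.
import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/access/AccessControl.sol";
import "@openzeppelin/contracts/security/Pausable.sol";

// Hypothetical token: the name, symbol, and role split are illustrative.
contract ExampleToken is ERC20, AccessControl, Pausable {
    // Role identifiers are hashes of a label, the convention AccessControl uses.
    bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE");
    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");

    constructor(address admin, address minter, address pauser)
        ERC20("Example Token", "EXT")
    {
        // Reject the zero address so no role is silently left unassigned.
        require(
            admin != address(0) && minter != address(0) && pauser != address(0),
            "ExampleToken: zero address"
        );
        // DEFAULT_ADMIN_ROLE can grant and revoke every other role, so it
        // should be held by the most tightly controlled account.
        _grantRole(DEFAULT_ADMIN_ROLE, admin);
        _grantRole(MINTER_ROLE, minter);
        _grantRole(PAUSER_ROLE, pauser);
    }

    // Only accounts holding MINTER_ROLE can create new tokens.
    function mint(address to, uint256 amount) external onlyRole(MINTER_ROLE) {
        _mint(to, amount);
    }

    // Only accounts holding PAUSER_ROLE can freeze or unfreeze transfers.
    function pause() external onlyRole(PAUSER_ROLE) {
        _pause();
    }

    function unpause() external onlyRole(PAUSER_ROLE) {
        _unpause();
    }

    // ERC20 calls this hook on every transfer, mint, and burn. Adding
    // whenNotPaused makes all three revert while the contract is paused.
    function _beforeTokenTransfer(address from, address to, uint256 amount)
        internal
        override
        whenNotPaused
    {
        super._beforeTokenTransfer(from, to, amount);
    }
}
```

The single-administrator alternative mentioned above would replace the roles with OpenZeppelin's `Ownable` and its `onlyOwner` modifier, which is simpler but concentrates every protected function in one key.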

Defender is OpenZeppelin’s web-based security operations (SecOps) platform. Defender simplifies the deployment and administration of smart contracts by helping developers automate many of the operations associated with running Ethereum decentralized applications.

The platform comes with many features such as web-based back end integrations, automated tasks, and manual contract interaction. Developers can build right on the Defender platform which gives them a sound security foundation from the get-go.

“Multiple exploits we’ve seen in DeFi this year, such as those in YAM, Uniswap, dForce, and Hegic, could have been avoided or reduced by following a careful security process, but teams lack a comprehensive system that fully informs them on security best practices and how to assess risk.” -OpenZeppelin’s Chief Technology Officer, Jonathan Alexander

According to OpenZeppelin, the user funds lost in major exploits like the bZx and Opyn hacks could have been reduced with the type of quick response tool possible with Defender.

What does OpenZeppelin achieve for DeFi?

OpenZeppelin is laying the groundwork for more secure decentralized applications, as they remove the need for developers to handle their own security. With baked-in security functionality, developers will be able to continue building fast, at no cost to security. This is incredibly important as attacks and DeFi systems become more complex.

As OpenZeppelin emerges as a security standard for smart contracts, it helps to minimize trust across DeFi. People often talk about 0% trust, where no trust is required between parties. In the case of DeFi protocols, this is unrealistic.

You’re always trusting some party whether it's a team, a DAO, or an auditor. While this may sound problematic, compared to traditional banking, this is a far more transparent process, as you can still always read the code in DeFi. 

Demian Brener, CEO of OpenZeppelin, argues that we should aim towards a goal of trust minimization rather than 0%.

Trust minimization narrows down the pieces that we are trusting and can’t see. We can see the code executed on-chain. But even with the most trust minimized DeFi platforms, what things do we still have to trust? The best way to scale DeFi is to get to a place of massive trust minimization. -Demian Brener

By providing open-source security resources, OpenZeppelin is able to minimize trust for the ecosystem, as less new code is created for each protocol. With security infrastructure becoming more trusted, far less uncertainty will remain regarding DeFi projects’ security, allowing for greater adoption and scale.

Deploy your own smart contract with Alchemy

OpenZeppelin smart contracts are secure, community-vetted, and battle-tested. Sign up for Alchemy and get started deploying your first smart contract today!
