- Inherit from `ERC20`, `ERC721`, or `ERC1155` from `@openzeppelin/contracts` — never reimplement token standards from scratch.
- Use `AccessControl` for role-based permissions: `bytes32 public constant MINTER_ROLE = keccak256("MINTER_ROLE")` — grant with `_grantRole`, protect with `onlyRole`.
- Wrap external ERC-20 calls with `SafeERC20.safeTransfer` and `safeTransferFrom` — reverts when a token returns `false` and tolerates tokens that return no value at all, both of which a raw `transfer` call would silently mishandle.
- Apply `nonReentrant` from `ReentrancyGuard` to every function that calls external contracts or transfers ETH — prevents reentrancy attacks.
- Use `Pausable` for circuit-breaker patterns — restrict `pause()` and `unpause()` to a dedicated `PAUSER_ROLE`.
- For upgradeable contracts, use `@openzeppelin/contracts-upgradeable` with `Initializable` — never use `constructor` for state initialisation, use `initialize()` instead.
- Use `ERC20Permit` (EIP-2612) for gasless approvals — users sign off-chain and callers submit with `permit()` before `transferFrom()`.
- Use `Address.functionCallWithValue` for low-level calls — verifies the target is a contract and propagates revert reason strings.
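As an added example (not part of the original list and not OpenZeppelin's own code), here is a hypothetical vault contract that applies these rules together. It assumes OpenZeppelin Contracts v5.x import paths; the contract name, `TREASURER_ROLE`, and the function names are invented for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Import paths assume OpenZeppelin Contracts v5.x (Pausable and ReentrancyGuard moved under utils/ in v5).
import {AccessControl} from "@openzeppelin/contracts/access/AccessControl.sol";
import {Pausable} from "@openzeppelin/contracts/utils/Pausable.sol";
import {ReentrancyGuard} from "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import {Address} from "@openzeppelin/contracts/utils/Address.sol";
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IERC20Permit} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Permit.sol";
import {SafeERC20} from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

/// @notice Hypothetical vault holding one external ERC-20 and some ETH, wired up as the list above prescribes.
contract GuardedVault is AccessControl, Pausable, ReentrancyGuard {
    using SafeERC20 for IERC20;
    bytes32 public constant PAUSER_ROLE = keccak256("PAUSER_ROLE");
    bytes32 public constant TREASURER_ROLE = keccak256("TREASURER_ROLE"); // invented role for this example
    IERC20 public immutable token;
    mapping(address => uint256) public balances;

    constructor(IERC20 token_, address admin) {
        token = token_;
        _grantRole(DEFAULT_ADMIN_ROLE, admin); // admin later grants PAUSER_ROLE / TREASURER_ROLE
    }
    // Circuit breaker: only PAUSER_ROLE flips it; user-facing functions check whenNotPaused.
    function pause() external onlyRole(PAUSER_ROLE) { _pause(); }
    function unpause() external onlyRole(PAUSER_ROLE) { _unpause(); }

    /// @dev EIP-2612 flow: the user signed the permit off-chain; the caller submits it, then transferFrom runs.
    function depositWithPermit(uint256 amount, uint256 deadline, uint8 v, bytes32 r, bytes32 s)
        external whenNotPaused nonReentrant
    {
        // Anyone can submit the same signature first; the allowance is then already set, so a failed
        // permit() must not block the deposit. try/catch tolerates that case; safeTransferFrom still enforces it.
        try IERC20Permit(address(token)).permit(msg.sender, address(this), amount, deadline, v, r, s) {} catch {}
        token.safeTransferFrom(msg.sender, address(this), amount); // reverts on `false`, tolerates no return value
        balances[msg.sender] += amount;
    }

    function withdraw(uint256 amount) external whenNotPaused nonReentrant {
        balances[msg.sender] -= amount;         // effects first (0.8.x reverts on underflow)
        token.safeTransfer(msg.sender, amount); // interaction last, and nonReentrant guards the whole call
    }

    /// @dev Forwards ETH held here to a contract; functionCallWithValue bubbles up the callee's revert reason.
    function payContract(address target, uint256 value, bytes calldata data)
        external onlyRole(TREASURER_ROLE) nonReentrant returns (bytes memory)
    {
        return Address.functionCallWithValue(target, data, value);
    }
    receive() external payable {}
}
```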