v4.6.0-rc.0

This prerelease is now available for open review! Let us know your feedback and if you find any security issues.

We have a bug bounty with rewards of up to USD $25,000 and a special POAP for submitting a valid issue.

See the announcement for some more details.

v4.5.0

• ERC2981: add implementation of the royalty standard, and the respective extensions for ERC721 and ERC1155. (#3012)
• GovernorTimelockControl: improve the state() function to have it reflect cases where a proposal has been canceled directly on the timelock. (#2977)
• Preset contracts are now deprecated in favor of Contracts Wizard. (#2986)
• Governor: add a relay function to help recover assets sent to a governor that is not its own executor (e.g. when using a timelock). (#2926)
• GovernorPreventLateQuorum: add new module to ensure a minimum voting duration is available after the quorum is reached. (#2973)
• ERC721: improved revert reason when transferring from wrong owner. (#2975)
• Votes: Added a base contract for vote tracking with delegation. (#2944)
• ERC721Votes: Added an extension of ERC721 enabled with vote tracking and delegation. (#2944)
• ERC2771Context: use immutable storage to store the forwarder address, no longer an issue since Solidity >=0.8.8 allows reading immutable variables in the constructor. (#2917)
• Base64: add a library to parse bytes into base64 strings using encode(bytes memory) function, and provide examples to show how to use to build URL-safe tokenURIs. (#2884)
• ERC20: reduce allowance before triggering transfer. (#3056)
• ERC20: do not update allowance on transferFrom when allowance is type(uint256).max. (#3085)
• ERC20: add a _spendAllowance internal function. (#3170)
• ERC20Burnable: do not update allowance on burnFrom when allowance is type(uint256).max. (#3170)
• ERC777: do not update allowance on transferFrom when allowance is type(uint256).max. (#3085)
• ERC777: add a _spendAllowance internal function. (#3170)
• SignedMath: a new signed version of the Math library with max, min, and average. (#2686)
• SignedMath: add a abs(int256) method that returns the unsigned absolute value of a signed value. (#2984)
• ERC1967Upgrade: Refactor the secure upgrade to use ERC1822 instead of the previous rollback mechanism. This reduces code complexity and attack surface with similar security guarantees. (#3021)
• UUPSUpgradeable: Add ERC1822 compliance to support the updated secure upgrade mechanism. (#3021)
• Some more functions have been made virtual to customize them via overrides. In many cases this will not imply that other functions in the contract will automatically adapt to the overridden definitions. People who wish to override should consult the source code to understand the impact and if they need to override any additional functions to achieve the desired behavior.

Breaking changes

• ERC1967Upgrade: The function _upgradeToAndCallSecure was renamed to _upgradeToAndCallUUPS, along with the change in security mechanism described above.
• Address: The Solidity pragma is increased from ^0.8.0 to ^0.8.1. This is required by the account.code.length syntax that replaces inline assembly. This may require users to bump their compiler version from 0.8.0 to 0.8.1 or later. Note that other parts of the code already include stricter requirements.

v4.5.0-rc.0

This prerelease is now available for review! Let us know your feedback and if you find any security issues.

We have a bug bounty with rewards of up to USD $25,000 and a special POAP for submitting a valid issue.

See the announcement for some more details.

v4.4.2

⚠️ This is a patch for a medium severity issue. For more information visit the security advisory.

• GovernorCompatibilityBravo: Fix error in the encoding of calldata for proposals submitted through the compatibility interface with explicit signatures. (#3100)

v4.4.1

⚠️ This is a patch for a low severity vulnerability. For more information visit the security advisory.

• Initializable: change the existing initializer modifier and add a new onlyInitializing modifier to prevent reentrancy risk. (#3006)

Breaking change

It is no longer possible to call an initializer-protected function from within another initializer function outside the context of a constructor. Projects using OpenZeppelin upgradeable proxies should continue to work as is, since in the common case the initializer is invoked in the constructor directly. If this is not the case for you, the suggested change is to use the new onlyInitializing modifier in the following way:

 contract A {
-    function initialize() public   initializer { ... }
+    function initialize() internal onlyInitializing { ... }
 }
 contract B is A {
     function initialize() public initializer {
         A.initialize();
     }
 }

v4.4.0

Check out the first OpenZeppelin Community Call where the team discussed everything that is included in this release.

And if you missed it, we recently announced an official bug bounty program for OpenZeppelin Contracts. Check it out!

• Ownable: add an internal _transferOwnership(address). (#2568)
• AccessControl: add internal _grantRole(bytes32,address) and _revokeRole(bytes32,address). (#2568)
• AccessControl: mark _setupRole(bytes32,address) as deprecated in favor of _grantRole(bytes32,address). (#2568)
• AccessControlEnumerable: hook into _grantRole(bytes32,address) and _revokeRole(bytes32,address). (#2946)
• EIP712: cache address(this) to immutable storage to avoid potential issues if a vanilla contract is used in a delegatecall context. (#2852)
• Add internal _setApprovalForAll to ERC721 and ERC1155. (#2834)
• Governor: shift vote start and end by one block to better match Compound's GovernorBravo and prevent voting at the Governor level if the voting snapshot is not ready. (#2892)
• GovernorCompatibilityBravo: consider quorum an inclusive rather than exclusive minimum to match Compound's GovernorBravo. (#2974)
• GovernorSettings: a new governor module that manages voting settings updatable through governance actions. (#2904)
• PaymentSplitter: now supports ERC20 assets in addition to Ether. (#2858)
• ECDSA: add a variant of toEthSignedMessageHash for arbitrary length message hashing. (#2865)
• MerkleProof: add a processProof function that returns the rebuilt root hash given a leaf and a proof. (#2841)
• VestingWallet: new contract that handles the vesting of Ether and ERC20 tokens following a customizable vesting schedule. (#2748)
• Governor: enable receiving Ether when a Timelock contract is not used. (#2748)
• GovernorTimelockCompound: fix ability to use Ether stored in the Timelock contract. (#2748)

v4.3.3

⚠️ This is a security patch. For more information visit the security advisory.

• ERC1155Supply: Handle totalSupply changes by hooking into _beforeTokenTransfer to ensure consistency of balances and supply during IERC1155Receiver.onERC1155Received calls.

v4.3.2

⚠️ This is a security patch. For more information visit the security advisory.

• UUPSUpgradeable: Add modifiers to prevent upgradeTo and upgradeToAndCall being executed on any contract that is not the active ERC1967 proxy. This prevents these functions being called on implementation contracts or minimal ERC1167 clones, in particular.

v4.3.1

⚠️ This is a security patch. For more information visit the security advisory.

• TimelockController: Add additional isOperationReady check.

v3.4.2-solc-0.7

• TimelockController: Add additional isOperationReady check.