Open Zeppelin

masoomalam
Aug 23, 2017

Background

Thousands of users are using cryptocurrencies (digital assets). A number of cryptocurrencies are available, among which Bitcoin is the largest and dominant one. Its closest competitor is Ether, a three-year-old digital currency. Both of these cryptocurrencies are open source and are powered by a technology called blockchain. Blockchain is the world’s leading software platform for digital assets. It is a technology that enables moving digital coins (cryptocurrencies) from one individual to another. A blockchain is a decentralized ledger and can be used for smart contracts. Smart contracts can handle and transfer assets of considerable value, so it is crucial that their implementation is secure against attacks that aim at stealing or tampering with assets. However, the recent hacks involving smart contracts pose a great threat, so there is a need for a standard framework through which developers can first verify the security of their contracts.

Open Zeppelin Purpose:

OpenZeppelin is an open source framework of reusable and secure smart contracts in the Solidity language. It helps people develop secure smart contracts for the Ethereum Virtual Machine (EVM). It is designed for easy collaboration and auditing of code.

OpenZeppelin aims to provide secure code for the new decentralized business ecosystem. The Solidity language is used for writing these smart contracts. Because the contracts are written in Solidity, users of other private blockchains are able to use the same library.

The OpenZeppelin community invites developers, security researchers and entrepreneurs to help develop the library or to use it in their own work.

It is based on the following principles:

  • Security in depth
  • Code simplicity and modularity
  • Testing of code
  • Checking preconditions and postconditions (whether what the programmer intended is actually what happens)
  • Code consistency and regular audits

In Ethereum, a user has to deal with tokens. OpenZeppelin provides a standard library to create, pause and destroy tokens. In Ethereum you can create tokens easily using a tokenFactory.

Why a Token Library:

When you want to create a token, you otherwise have to write the code from scratch. The token library is divided into ten sub-contracts. First, in the mapping, all the tokens are given to the creator, and then these tokens are transferred to the people who want to buy them. ICOs that are presently issuing tokens can use the OpenZeppelin library for their ease.

Tokens may be lost due to an error-prone interface or insecure code. OpenZeppelin provides a standard interface with nearly no security flaws.

Inheritance in the Token library

Ethereum has defined a set of rules for tokens: the ERC20 standard. This is a set of functions that a token must have. It means that any wallet that supports ether also supports ERC20-compliant tokens.

Contracts ERC20Basic, ERC20 and BasicToken

The base contract is ERC20Basic, which is inherited by ERC20 and BasicToken. The main function of the ERC20 standard is to define how a user gets token information and on which basis these tokens are transferred. ERC20Basic contains the initial part of the ERC20 standard: the mapping of balances that owners have and the total supply, with two functions. The main problem with dealing with external contracts is that they can take control of the contract (race condition) and change the data present in the original contract. The secureApprove() function used in OpenZeppelin solved the race condition in ERC20 pointed out by AlChemy.

ERC20 is a simple interface with the approve function of an ERC20 token.

BasicToken imports the math library (SafeMath), which will throw an exception instead of returning false.

Pictorial representation of the contracts StandardToken, BurnableToken and LimitedTransferToken

StandardToken inherits BasicToken and hence also uses the math library. It will throw instead of returning false or true, which is a deviation from the ERC20 standard.

Contracts MintableToken, PausableToken and TokenTimelock

MintableToken is a standard token that mints the ethers when a particular amount is sent. It provides the mint() option for the owner to withdraw ethers from the account rather than leaving them there.

PausableToken uses the whenNotPaused() modifier with transfer() and transferFrom() from the StandardToken contract. This makes sure the sender has a sufficient amount of ethers in the account; if that is not the case, it throws an exception.

TokenTimelock releases the tokens after a particular amount of time. The token timelock receives the release time and compares it with the present time; if the condition is true, the beneficiary's balance increases, otherwise it throws an error.
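A timelock written along the lines described above, as an added example (not code from the article or from the zeppelin-solidity library). It assumes a minimal ERC20Basic-style interface for the locked token and adds two constructor checks (non-zero beneficiary, release time in the future) as defensive measures:

```solidity
pragma solidity ^0.4.18;

// Only the two functions the timelock needs from the locked token (assumed interface).
contract ERC20Basic {
    function balanceOf(address who) public view returns (uint256);
    function transfer(address to, uint256 value) public returns (bool);
}

contract TokenTimelockExample {
    ERC20Basic public token;       // token held by this contract
    address public beneficiary;    // the only address that can ever receive it
    uint256 public releaseTime;    // unix timestamp after which release() succeeds

    function TokenTimelockExample(ERC20Basic _token, address _beneficiary, uint256 _releaseTime) public {
        require(_beneficiary != address(0));  // added check: never lock tokens to nobody
        require(_releaseTime > now);          // added check: a lock in the past is meaningless
        token = _token;
        beneficiary = _beneficiary;
        releaseTime = _releaseTime;
    }

    // Anyone may trigger the release (the beneficiary does not need to hold ether for gas),
    // but the tokens only ever go to the beneficiary and only once the time has passed.
    // Block timestamps can be nudged by miners by a few seconds, so do not rely on
    // second-level precision for the release time.
    function release() public {
        require(now >= releaseTime);
        uint256 amount = token.balanceOf(this);
        require(amount > 0);
        require(token.transfer(beneficiary, amount));  // revert if the token reports failure
    }
}
```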

Contract VestedToken and the struct included in VestedToken

In VestedToken, the functions transfer() and transferFrom() have a modifier that throws an exception if not enough ethers are available. However, transfer() uses Boolean returns for true and false. Irregular treatment of failure conditions can cause problems for contracts using it.

Math

This is one of the most used libraries of zeppelin-solidity, and it is divided into the following contracts:

Library Math

In the first contract, “math.sol”, there are four functions to compare 64-bit and 256-bit unsigned integer values. In the “SafeMath” contract there are functions for the basic arithmetic operations. To ensure they always return the desired, correct value, a few checks are applied to avoid any overflow or underflow, so if by some means an overflow or underflow occurs, an exception is raised.

Overflows in SafeMath:

The “mul” function first calculates a*b, which can sometimes overflow, and only then applies a check to handle the overflow. We think this isn’t good practice: the check should be applied first so that the overflow doesn’t occur. The same is done in the “add” function. See below.
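The two styles side by side, as an added example (not the article's figure and not the library's own source). The first library performs the arithmetic and checks afterwards, as the article describes; the second applies the check first, as the article recommends. Since uint256 arithmetic on the EVM wraps silently modulo 2**256, both forms revert on exactly the same inputs:

```solidity
pragma solidity ^0.4.18;

// Style described in the article: compute first, then detect the wrap.
// A wrapped product no longer satisfies c / a == b; a wrapped sum is smaller than a.
library SafeMath {
    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
        if (a == 0) {
            return 0;
        }
        uint256 c = a * b;      // may have wrapped modulo 2**256
        assert(c / a == b);     // post-check catches the wrap
        return c;
    }

    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b;      // may have wrapped modulo 2**256
        assert(c >= a);         // post-check catches the wrap
        return c;
    }
}

// Style the article argues for: reject operands that would overflow before
// the arithmetic is performed. ~uint256(0) is the largest uint256 value.
library CheckFirstMath {
    function mul(uint256 a, uint256 b) internal pure returns (uint256) {
        if (a == 0) {
            return 0;
        }
        require(b <= ~uint256(0) / a);  // pre-check: a * b fits in 256 bits
        return a * b;
    }

    function add(uint256 a, uint256 b) internal pure returns (uint256) {
        require(b <= ~uint256(0) - a);  // pre-check: a + b fits in 256 bits
        return a + b;
    }
}
```

Either way the failed check reverts the whole transaction, which is why a token built on the library throws instead of returning false.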

PullPayment:

Contract PullPayment

The idea of pull payment is that instead of pushing payments, everyone pulls their payment themselves. In Solidity, pull payments are preferred over push payments because in a push payment our gas is consumed, while in a pull payment the account/person calling the function to withdraw their tokens/ethers pays for the gas. Pushing a payment can also fail due to stack depth or out-of-gas issues, so we can make our code more secure by using a pull payment system.

In this contract there are two more checks: the payment must not be equal to zero, and the balance of the sender must not be less than the amount which is pulled.

Issues:

There is no function available to cancel a pending payment; you have to write your own even if you use this library. This contract also lacks a check ensuring that the owner/contract holds more balance than the pending payments, as “asyncSend” queues all the pending payments, which can exceed the balance of the contract.
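A pull-payment contract that addresses both issues above, as an added example (not the library's PullPayment contract). The asyncSend() check that the contract balance covers all queued payments and the owner-only cancelPayment() are additions named in the article as missing; schedule() is an assumed entry point so the contract can be exercised on its own:

```solidity
pragma solidity ^0.4.18;

contract Ownable {
    address public owner;
    function Ownable() public { owner = msg.sender; }
    modifier onlyOwner() { require(msg.sender == owner); _; }
}

contract PullPaymentExample is Ownable {
    mapping(address => uint256) public payments;  // amount each payee may pull
    uint256 public totalPayments;                 // sum of everything still queued

    // Assumed entry point: the caller funds a payment that the payee pulls later.
    function schedule(address payee) public payable {
        asyncSend(payee, msg.value);
    }

    // Queue a payment. Added check: the contract must actually hold enough ether to
    // cover everything queued so far, so no payee is ever left unable to withdraw.
    function asyncSend(address payee, uint256 amount) internal {
        uint256 newTotal = totalPayments + amount;
        require(newTotal >= totalPayments);          // overflow guard
        require(address(this).balance >= newTotal);  // funds cover all pending payments
        payments[payee] += amount;                   // bounded by newTotal, cannot wrap
        totalPayments = newTotal;
    }

    // Added owner-only cancellation of a pending payment; the ether stays in the contract.
    function cancelPayment(address payee) public onlyOwner {
        uint256 amount = payments[payee];
        require(amount != 0);
        payments[payee] = 0;
        totalPayments -= amount;
    }

    // The pull side: the payee withdraws and pays the gas. Bookkeeping is cleared
    // before the transfer so a re-entering call finds nothing left to withdraw.
    function withdrawPayments() public {
        address payee = msg.sender;
        uint256 payment = payments[payee];
        require(payment != 0);
        require(address(this).balance >= payment);
        totalPayments -= payment;
        payments[payee] = 0;
        payee.transfer(payment);
    }
}
```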

Ownership

The most important contract in Ownership is “Ownable”, because almost all the other contracts inherit from it. In this contract an owner is specified, and the owner can transfer ownership to someone else. In the contract Claimable, the pending owner is set to become the new owner of the contract, and a modifier ensures that only the pending owner can claim the ownership. DelayedClaimable inherits the Claimable contract and specifies a time limit within which ownership can be claimed. In “Contactable” the owner provides his/her contact information, which is stored in a string.
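The three ownership contracts just described, as an added example (not the library's own source). The point to see is the difference between the one-step handover in Ownable, where a mistyped address loses control of the contract permanently, and the two-step nomination plus claim in Claimable, which DelayedClaimable further restricts to a block-number window:

```solidity
pragma solidity ^0.4.18;

contract Ownable {
    address public owner;
    function Ownable() public { owner = msg.sender; }
    modifier onlyOwner() { require(msg.sender == owner); _; }

    // One-step handover: whatever address is passed becomes owner immediately.
    function transferOwnership(address newOwner) public onlyOwner {
        require(newOwner != address(0));
        owner = newOwner;
    }
}

contract Claimable is Ownable {
    address public pendingOwner;
    modifier onlyPendingOwner() { require(msg.sender == pendingOwner); _; }

    // Two-step handover: the owner only nominates; nothing changes until the
    // nominee proves control of the address by calling claimOwnership().
    function transferOwnership(address newOwner) public onlyOwner {
        pendingOwner = newOwner;
    }

    function claimOwnership() public onlyPendingOwner {
        owner = pendingOwner;
        pendingOwner = address(0);
    }
}

contract DelayedClaimable is Claimable {
    uint256 public start;  // first block number in which the claim is valid
    uint256 public end;    // last block number in which the claim is valid

    function setLimits(uint256 _start, uint256 _end) public onlyOwner {
        require(_start <= _end);
        start = _start;
        end = _end;
    }

    // The claim is only honoured inside the block window set by the owner.
    function claimOwnership() public onlyPendingOwner {
        require(block.number >= start && block.number <= end);
        owner = pendingOwner;
        pendingOwner = address(0);
        end = 0;  // close the window so a stale nomination cannot be claimed later
    }
}
```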

The contract “HasNoContracts” works in such a way that anything ownable is reclaimed by the owner of this contract. The contracts “HasNoEther” and “HasNoTokens” can’t own any ethers or tokens; they block incoming ethers and tokens to prevent any loss of ethers/tokens. Finally, “NoOwner” is a contract used for contracts which should not own anything: tokens, funds, ethers or any other contracts.

Lifecycle:

All of the contracts in Lifecycle inherit Ownable. The first contract, “Destructible”, is used to destroy contracts (only by the owner), and all the funds are transferred to the owner. The contract “Migrations” is not for Zeppelin users; it’s a Truffle contract (for Truffle integration). “Pausable” is a contract which can be used in an emergency when you want to pause all the functions of your dapp. The last contract, “TokenDestructible”, is somewhat similar to Destructible: it is used to destroy the base contract, and all the funds, including the listed tokens, are sent to the owner.

So this part of the library can be used to destroy or pause any contract in case of an emergency or an external attack. There were a few small issues in this part, but they have been resolved by the OpenZeppelin team.

Crowdsale, why Crowdsale:

A crowdsale is a new way of collecting funds using internet technology. A crowdsale can be for charity purposes or for collecting funds for a business startup or for development.

Ethereum provides a platform for developers to build dapps on. Developers can ask potential investors to buy tokens and have a share in the business.

OpenZeppelin provides a safe way to interact with potential investors.

Library:

Crowdsale imports MintableToken from the token contract library. It mints the tokens sold to the buyer. Timestamps: the start and end times define when an investor can invest. It has a function for the successful sale of tokens for an amount of ether. Ether collected from a crowdsale is transferred to a wallet; there is a variable for that particular wallet. Tokens are bought with ether, and the amount paid is converted into the amount of tokens. The hasEnded() method returns true if the crowdsale has ended; it is secured via the onlyOwner modifier, so only the owner has the power to close the crowdsale. It has a variable named rate that is used to set the rate of the current token sale. The fallback function calls the buyTokens() method in the same contract, which means the owner doesn’t have to worry about some other library.

CappedCrowdsale inherits Crowdsale. It overrides the validPurchase() method, adding more logic to the previous validPurchase(), and returns a boolean. It also overrides the hasEnded() function from Crowdsale with extra logic, comparing the current block timestamp as well as whether the cap has been reached (capReached).
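The Crowdsale and CappedCrowdsale behaviour described in the two paragraphs above, folded into one contract as an added example (not the library's own Crowdsale). The token is reduced to an assumed MintableTokenLike interface exposing only mint(); the real token would restrict mint() to its owner, which is the crowdsale after deployment:

```solidity
pragma solidity ^0.4.18;

contract MintableTokenLike {
    function mint(address to, uint256 amount) public returns (bool);
}

contract CappedCrowdsaleExample {
    MintableTokenLike public token;
    uint256 public startTime;  // first timestamp at which buying is allowed
    uint256 public endTime;    // last timestamp at which buying is allowed
    address public wallet;     // receives the collected ether
    uint256 public rate;       // token units minted per wei
    uint256 public cap;        // hard cap in wei
    uint256 public weiRaised;

    function CappedCrowdsaleExample(uint256 _start, uint256 _end, uint256 _rate,
                                    address _wallet, uint256 _cap, MintableTokenLike _token) public {
        require(_start >= now && _end >= _start);
        require(_rate > 0 && _cap > 0 && _wallet != address(0));
        startTime = _start; endTime = _end; rate = _rate;
        wallet = _wallet; cap = _cap; token = _token;
    }

    // Fallback: plain ether sent to the contract buys tokens for the sender.
    function () external payable {
        buyTokens(msg.sender);
    }

    function buyTokens(address beneficiary) public payable {
        require(beneficiary != address(0));
        require(validPurchase());
        uint256 weiAmount = msg.value;
        uint256 tokens = weiAmount * rate;
        require(tokens / rate == weiAmount);   // overflow guard on the wei-to-token conversion
        weiRaised += weiAmount;                // bounded by cap (see validPurchase), cannot wrap
        require(token.mint(beneficiary, tokens));
        wallet.transfer(weiAmount);            // forward the ether to the wallet at once
    }

    // CappedCrowdsale logic: inside the time window, non-zero, and within the cap.
    function validPurchase() internal view returns (bool) {
        bool withinPeriod = now >= startTime && now <= endTime;
        bool withinCap = weiRaised + msg.value <= cap;
        return withinPeriod && msg.value != 0 && withinCap;
    }

    // Ended once the window closes or the cap is reached.
    function hasEnded() public view returns (bool) {
        return now > endTime || weiRaised >= cap;
    }
}
```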

FinalizableCrowdsale is called at the end of the crowdsale. Finalization can be performed by the owner of the crowdsale only. An event is emitted every time the crowdsale has been finalized.


RefundableCrowdsale has the ability to refund its investors if the goal stated by the owner has not been reached. It forwards the money if the particular goal is reached, and refunds it otherwise.

RefundVault has a state that shows whether the crowdsale is active, refunding or closed. If the crowdsale fails, it returns all the funds; otherwise it forwards the funding to the wallet.

Conclusion:

Overall, zeppelin-solidity is a very useful and secure library for writing smart contracts, which follows the best, secure and standard industry practices. As it is an open source library, it is improved regularly by 700 contributors. Most of the issues in the library are already resolved; only a few are left, which are mentioned above, and we hope they’ll also be resolved soon.

About

This article was written by Usman Fazil and Sidra Tariq. Both of them did a summer internship with my research group, cybersec.com.pk. The Cybersec research group is run by Dr. Masoom Alam — a security professional working in academia and industry for the last 17 years.


Thanks to Usman Fazil and Sidra
