From 91305165faa638b8d222c3dab61904f13dac86fd Mon Sep 17 00:00:00 2001 From: Francisco Date: Mon, 4 Sep 2023 05:11:30 -0300 Subject: [PATCH] Move security directory contents to utils (#4551) --- .changeset/smooth-cougars-jump.md | 5 ++++ certora/harnesses/PausableHarness.sol | 2 +- contracts/mocks/PausableMock.sol | 2 +- contracts/mocks/ReentrancyMock.sol | 2 +- contracts/security/README.adoc | 17 ------------- .../ERC1155/extensions/ERC1155Pausable.sol | 2 +- .../token/ERC20/extensions/ERC20Pausable.sol | 2 +- .../ERC721/extensions/ERC721Pausable.sol | 2 +- contracts/{security => utils}/Pausable.sol | 0 contracts/utils/README.adoc | 25 +++++++++++-------- .../{security => utils}/ReentrancyGuard.sol | 0 test/{security => utils}/Pausable.test.js | 0 .../ReentrancyGuard.test.js | 0 13 files changed, 25 insertions(+), 34 deletions(-) create mode 100644 .changeset/smooth-cougars-jump.md delete mode 100644 contracts/security/README.adoc rename contracts/{security => utils}/Pausable.sol (100%) rename contracts/{security => utils}/ReentrancyGuard.sol (100%) rename test/{security => utils}/Pausable.test.js (100%) rename test/{security => utils}/ReentrancyGuard.test.js (100%) diff --git a/.changeset/smooth-cougars-jump.md b/.changeset/smooth-cougars-jump.md new file mode 100644 index 00000000000..337101cd03d --- /dev/null +++ b/.changeset/smooth-cougars-jump.md @@ -0,0 +1,5 @@ +--- +'openzeppelin-solidity': major +--- + +`ReentrancyGuard`, `Pausable`: Moved to `utils` directory. diff --git a/certora/harnesses/PausableHarness.sol b/certora/harnesses/PausableHarness.sol index 302f1d7e436..5977b92022c 100644 --- a/certora/harnesses/PausableHarness.sol +++ b/certora/harnesses/PausableHarness.sol @@ -1,7 +1,7 @@ // SPDX-License-Identifier: MIT pragma solidity ^0.8.20; -import {Pausable} from "../patched/security/Pausable.sol"; +import {Pausable} from "../patched/utils/Pausable.sol"; contract PausableHarness is Pausable { function pause() external { diff --git a/contracts/mocks/PausableMock.sol b/contracts/mocks/PausableMock.sol index abe50c6c9a4..fa701e2c7ad 100644 --- a/contracts/mocks/PausableMock.sol +++ b/contracts/mocks/PausableMock.sol @@ -2,7 +2,7 @@ pragma solidity ^0.8.20; -import {Pausable} from "../security/Pausable.sol"; +import {Pausable} from "../utils/Pausable.sol"; contract PausableMock is Pausable { bool public drasticMeasureTaken; diff --git a/contracts/mocks/ReentrancyMock.sol b/contracts/mocks/ReentrancyMock.sol index f275c88e233..39e2d5ed850 100644 --- a/contracts/mocks/ReentrancyMock.sol +++ b/contracts/mocks/ReentrancyMock.sol @@ -2,7 +2,7 @@ pragma solidity ^0.8.20; -import {ReentrancyGuard} from "../security/ReentrancyGuard.sol"; +import {ReentrancyGuard} from "../utils/ReentrancyGuard.sol"; import {ReentrancyAttack} from "./ReentrancyAttack.sol"; contract ReentrancyMock is ReentrancyGuard { diff --git a/contracts/security/README.adoc b/contracts/security/README.adoc deleted file mode 100644 index 7f4799eb81e..00000000000 --- a/contracts/security/README.adoc +++ /dev/null @@ -1,17 +0,0 @@ -= Security - -[.readme-notice] -NOTE: This document is better viewed at https://docs.openzeppelin.com/contracts/api/security - -These contracts aim to cover common security practices. - -* {ReentrancyGuard}: A modifier that can prevent reentrancy during certain functions. -* {Pausable}: A common emergency response mechanism that can pause functionality while a remediation is pending. - -TIP: For an overview on reentrancy and the possible mechanisms to prevent it, read our article https://blog.openzeppelin.com/reentrancy-after-istanbul/[Reentrancy After Istanbul]. - -== Contracts - -{{ReentrancyGuard}} - -{{Pausable}} diff --git a/contracts/token/ERC1155/extensions/ERC1155Pausable.sol b/contracts/token/ERC1155/extensions/ERC1155Pausable.sol index 914420cccd0..96f2400f801 100644 --- a/contracts/token/ERC1155/extensions/ERC1155Pausable.sol +++ b/contracts/token/ERC1155/extensions/ERC1155Pausable.sol @@ -4,7 +4,7 @@ pragma solidity ^0.8.20; import {ERC1155} from "../ERC1155.sol"; -import {Pausable} from "../../../security/Pausable.sol"; +import {Pausable} from "../../../utils/Pausable.sol"; /** * @dev ERC1155 token with pausable token transfers, minting and burning. diff --git a/contracts/token/ERC20/extensions/ERC20Pausable.sol b/contracts/token/ERC20/extensions/ERC20Pausable.sol index 6ac0db2e2b8..e7c311cc11a 100644 --- a/contracts/token/ERC20/extensions/ERC20Pausable.sol +++ b/contracts/token/ERC20/extensions/ERC20Pausable.sol @@ -4,7 +4,7 @@ pragma solidity ^0.8.20; import {ERC20} from "../ERC20.sol"; -import {Pausable} from "../../../security/Pausable.sol"; +import {Pausable} from "../../../utils/Pausable.sol"; /** * @dev ERC20 token with pausable token transfers, minting and burning. diff --git a/contracts/token/ERC721/extensions/ERC721Pausable.sol b/contracts/token/ERC721/extensions/ERC721Pausable.sol index 301469d0a91..420edab2246 100644 --- a/contracts/token/ERC721/extensions/ERC721Pausable.sol +++ b/contracts/token/ERC721/extensions/ERC721Pausable.sol @@ -4,7 +4,7 @@ pragma solidity ^0.8.20; import {ERC721} from "../ERC721.sol"; -import {Pausable} from "../../../security/Pausable.sol"; +import {Pausable} from "../../../utils/Pausable.sol"; /** * @dev ERC721 token with pausable token transfers, minting and burning. diff --git a/contracts/security/Pausable.sol b/contracts/utils/Pausable.sol similarity index 100% rename from contracts/security/Pausable.sol rename to contracts/utils/Pausable.sol diff --git a/contracts/utils/README.adoc b/contracts/utils/README.adoc index d95f4dad4f0..d88b0019950 100644 --- a/contracts/utils/README.adoc +++ b/contracts/utils/README.adoc @@ -5,23 +5,20 @@ NOTE: This document is better viewed at https://docs.openzeppelin.com/contracts/ Miscellaneous contracts and libraries containing utility functions you can use to improve security, work with new data types, or safely use low-level primitives. -The {Address}, {Arrays}, {Base64} and {Strings} libraries provide more operations related to these native data types, while {SafeCast} adds ways to safely convert between the different signed and unsigned numeric types. -{Multicall} provides a function to batch together multiple calls in a single external call. - -For new data types: - - * {EnumerableMap}: like Solidity's https://solidity.readthedocs.io/en/latest/types.html#mapping-types[`mapping`] type, but with key-value _enumeration_: this will let you know how many entries a mapping has, and iterate over them (which is not possible with `mapping`). - * {EnumerableSet}: like {EnumerableMap}, but for https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets]. Can be used to store privileged accounts, issued IDs, etc. + * {ReentrancyGuard}: A modifier that can prevent reentrancy during certain functions. + * {Pausable}: A common emergency response mechanism that can pause functionality while a remediation is pending. + * {SafeCast}: Checked downcasting functions to avoid silent truncation. + * {Math}, {SignedMath}: Implementation of various arithmetic functions. + * {Multicall}: Simple way to batch together multiple calls in a single external call. + * {Create2}: Wrapper around the https://blog.openzeppelin.com/getting-the-most-out-of-create2/[`CREATE2` EVM opcode] for safe use without having to deal with low-level assembly. + * {EnumerableMap}: A type like Solidity's https://solidity.readthedocs.io/en/latest/types.html#mapping-types[`mapping`], but with key-value _enumeration_: this will let you know how many entries a mapping has, and iterate over them (which is not possible with `mapping`). + * {EnumerableSet}: Like {EnumerableMap}, but for https://en.wikipedia.org/wiki/Set_(abstract_data_type)[sets]. Can be used to store privileged accounts, issued IDs, etc. [NOTE] ==== Because Solidity does not support generic types, {EnumerableMap} and {EnumerableSet} are specialized to a limited number of key-value types. - -As of v3.0, {EnumerableMap} supports `uint256 -> address` (`UintToAddressMap`), and {EnumerableSet} supports `address` and `uint256` (`AddressSet` and `UintSet`). ==== -Finally, {Create2} contains all necessary utilities to safely use the https://blog.openzeppelin.com/getting-the-most-out-of-create2/[`CREATE2` EVM opcode], without having to deal with low-level assembly. - == Math {{Math}} @@ -42,6 +39,12 @@ Finally, {Create2} contains all necessary utilities to safely use the https://bl {{EIP712}} +== Security + +{{ReentrancyGuard}} + +{{Pausable}} + == Introspection This set of interfaces and contracts deal with https://en.wikipedia.org/wiki/Type_introspection[type introspection] of contracts, that is, examining which functions can be called on them. This is usually referred to as a contract's _interface_. diff --git a/contracts/security/ReentrancyGuard.sol b/contracts/utils/ReentrancyGuard.sol similarity index 100% rename from contracts/security/ReentrancyGuard.sol rename to contracts/utils/ReentrancyGuard.sol diff --git a/test/security/Pausable.test.js b/test/utils/Pausable.test.js similarity index 100% rename from test/security/Pausable.test.js rename to test/utils/Pausable.test.js diff --git a/test/security/ReentrancyGuard.test.js b/test/utils/ReentrancyGuard.test.js similarity index 100% rename from test/security/ReentrancyGuard.test.js rename to test/utils/ReentrancyGuard.test.js