OpenZeppelin’s mission is to secure the open economy. We believe that smart contract upgrades are an important part of this mission.
For those who don’t know, a smart contract upgrade is an action that can arbitrarily change the code that runs in a contract on chain, while preserving its address, storage, and balance. Upgrades can be used as a safeguard for fixing an eventual vulnerability, and also as a means to iteratively develop a system by progressively adding new features.
We’ve been working on secure proxy-based upgrades for several years already, from early experiments in OpenZeppelin Labs, to the OpenZeppelin SDK (originally called ZeppelinOS!), consisting of OpenZeppelin CLI and Upgrades Library.
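The mechanism behind a proxy-based upgrade, as an added example that is not OpenZeppelin's code: a small in-memory JavaScript model in which the proxy keeps the address, storage and balance, and delegates every call to a replaceable implementation. The names UpgradeableProxy, BoxV1 and BoxV2, the sample addresses and the single-admin check are assumptions made for the illustration.

```javascript
// Added illustration: in-memory model of a proxy-based upgrade.
// All names and values here are hypothetical, not an OpenZeppelin API.

// Implementations carry code only; they execute against the proxy's state.
const BoxV1 = {
  store(state, msg, value) { state.storage.value = value; },
  retrieve(state) { return state.storage.value; },
};
// V2 keeps the V1 functions and adds a new one.
const BoxV2 = {
  ...BoxV1,
  increment(state) { state.storage.value += 1; },
};

class UpgradeableProxy {
  constructor(address, implementation, admin) {
    this.address = address;        // what users and other contracts point at
    this.storage = {};             // lives in the proxy, not the implementation
    this.balance = 0;
    this.implementation = implementation;
    this.admin = admin;
  }
  // Models a delegated call: implementation code, proxy state.
  call(sender, method, ...args) {
    const impl = this.implementation;
    // Own properties only, so inherited names like "toString" are not callable.
    if (!Object.prototype.hasOwnProperty.call(impl, method)) {
      throw new Error(`unknown function: ${method}`);
    }
    return impl[method](this, { sender }, ...args);
  }
  // Whoever passes this check can replace all of the contract's code.
  upgradeTo(sender, newImplementation) {
    if (sender !== this.admin) throw new Error('caller is not the admin');
    this.implementation = newImplementation;
  }
}

function demo() {
  const proxy = new UpgradeableProxy('0xPROXY', BoxV1, 'admin'); // constructed values
  proxy.balance = 5;
  proxy.call('alice', 'store', 42);
  let rejected = false;
  try { proxy.upgradeTo('alice', BoxV2); } catch (e) { rejected = true; }
  proxy.upgradeTo('admin', BoxV2);
  proxy.call('alice', 'increment'); // new code, old storage
  const value = proxy.call('alice', 'retrieve');
  return { address: proxy.address, balance: proxy.balance, value, rejected };
}

console.log(demo());
```

The upgrade check is the single point that decides what code runs at the address, which is why control over the admin role deserves the same scrutiny as the contract logic itself.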
Until the middle of this year, the CLI was the only comprehensive solution we provided to integrate contract upgrades into a project. The CLI, however, required the entire project to be built on it. This meant that projects that wanted to leverage upgrades needed to either ditch their toolchain or build some really awkward patches to have both running side by side.
Since our goal is to foster security, in this case by facilitating upgrades, we set out to make upgrades easier to adopt. Part of this effort included making proxies available directly from our popular Contracts library. And part of this effort, on the tooling front, included Upgrades Plugins for Truffle and Buidler.
Truffle is the most popular smart contract development framework at 25K downloads a week, and Buidler has been growing rapidly for the past year with a 6x growth, effectively surpassing the OpenZeppelin CLI. By integrating with them, smart contract developers can use upgrades with the tools they’re familiar with, and without having to migrate to a new framework.
Deploying an upgradeable contract is now as simple as `upgrades.deployProxy(MyContract, [arg1, arg2])`!
We have seen a good response from the community to the Upgrades plugins. Not only are they easier to use from existing and familiar toolchains, but we have used all our learnings from the OpenZeppelin SDK to build a clearer and easier-to-use interface from the ground up.
With this in mind, we’ve decided it’s best to focus our upgradeability efforts on the Upgrades Plugins exclusively, and have halted development on the OpenZeppelin CLI. This will allow us to focus on improving the security and upgrade patterns we provide, while building on the great work of projects fully dedicated to developer experience. We will continue to provide support for the CLI until the end of 2020. For those who are using the CLI currently and want to migrate to the Upgrades Plugins, we provide a command that makes it easy to migrate your project over, along with a guide that shows what the process is like. Additionally, we will be providing support for anyone migrating in the Community Forum.
$ npx migrate-oz-cli-project
✔ Successfully migrated .openzeppelin/rinkeby.json
✔ Migration data exported to openzeppelin-cli-export.json
✔ Deleting .openzeppelin/project.json
These were your project's compiler options:
{
"compilerSettings": {
...
We’re excited for the features and security improvements that are coming for the Upgrades Plugins and we hope to see you building with them!
You will notice that we’ve also updated the Learn guides in our documentation with instructions on how to use Truffle or Buidler for developing smart contracts. Our Learn guides are written for developers who are new to the space, the tooling, and the concepts.
In case you’ve missed it, here’s a list of what we’ve released on the upgrades front recently!
- Step-by-step guides for using the Upgrades Plugins with Truffle and Buidler.
- An OpenZeppelin Upgrades App for Gnosis Safe for managing upgrades.
- The State of Smart Contract Upgrades by @spalladino.
- OpenZeppelin Contracts v3.2 with Proxy and ProxyAdmin contracts for Solidity 0.6 and Solidity 0.7.