I’m using OpenZeppelin upgrades and contracts-ethereum-package contracts and importing them into my contracts from node_modules (example below).
```solidity
import "@openzeppelin/upgrades/contracts/Initializable.sol";
```
I’m trying to use the static analyzer Slither, but it requires the imported contracts to be located in the local directory. I could (and would prefer to) copy them into the local directory so I know code/versions aren’t changing, use Slither, etc.
Is it safe to copy the OpenZeppelin contracts I’m using from the node_modules folder to the local directory that stores all the project’s other smart contracts if I’m using the oz-cli to manage my deployments, upgrades, management, etc.?
Furthermore, I wish to make some minor changes to the OpenZeppelin contracts I’m using.
My question is, if I’m using oz-cli for the SDLC, will it respect the changes I make to the OpenZeppelin contracts I’m using (assuming I change the import to reference the locally stored, compiler changed versions)? Or will it continue to reference and deploy the version of the OpenZeppelin contracts I’m using in my project from node_modules (unchanged) and make Proxy versions of those?
I believe I read somewhere that the “link” command from oz-cli re-uses already deployed versions/bytecode of the OpenZeppelin contracts to point Proxy contracts to.
Thanks for any clarification!
Environment
I’m currently using:
- @openzeppelin/cli@2.8.0
- @openzeppelin/contracts-ethereum-package@2.5.0
- @openzeppelin/upgrades@2.8.0
- Truffle@5.0.2