I am new to the @openZeppelin contracts. The project I am working on needs issue ERC20 token on Besu private network. With import @OpenZeppelin/contracts/ERC20.sol, what additional security measures shall we implement in our ERC20 contract? For example, validate signed transaction and/or message, replay attack and validate sender.
I am not familiar with Besu, but assume you are running a permissioned Ethereum network.
My assumption is that the security measures you mention are at the protocol level, so you should check this with the setup of your permissioned network.
With regards your token, you should appropriately test and audit your solution. See: Points to consider when creating a fungible token (ERC20, ERC777)
Hello @abcoathup, my understanding is that the smart contract needs to handle the defense of replay attack and validating the sender by itself. I went through the ERC20.sol briefly and didn’t see the code to handle security besides to safeMath. Did I miss something here? Besu is a permission base Ethereum client under Hyperledger and sorry that it is kind of new to me as well.
Hi @Skyge, is there module to handle replay attack or validating sender? Besu is permission base Ethereum client and sorry that it is new to me as well.
The ERC20 implementation checks the sender has sufficient balance before transferring:
As for replay protection, this should be part of the Besu client. You would want to use a unique network ID/chain ID so that transactions couldn’t be replayed. Though check with Besu documentation on how to do this appropriately:
@abcoathup , this answers my question. Thanks.