Should OpenZeppelin ERC20 Contracts be audited?

Most of us know how "audit companies" work in our world, especially in the low price range (1-5k$). They just run our contracts through a few automated tools to check for vulnerabilities and then produce a fancy PDF report.

Audits are not protecting users from rug pulls or from infinite mints; also, we know that most of the web3 hacks are happening through bridges.

So my question is: should OpenZeppelin ERC20 contracts be audited before deploying? Because currently I'm bootstrapping the project myself and I can't afford to pay 50-100k$ to real audit companies to check my code, nor am I planning to make any changes to the OZ contracts. I'm just looking to deploy an ERC20 Burnable Token and wanted to make sure whether it is necessary to audit something as popular and tested as the OpenZeppelin contracts.


Please see the Security section of the readme in the OpenZeppelin Contracts repository.

There's no definitive "yes" or "no" answer as it'd depend on many factors e.g. how big the stakes are.
Generally, OpenZeppelin's code can be considered safe, as long as you haven't made any changes to it.
Your own code should be checked by experienced developers.
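To make the reply's distinction concrete, here is what "unchanged OpenZeppelin plus a minimal amount of your own code" looks like for the burnable token the question describes. This is an added example, not code from the thread, from OpenZeppelin, or from the asker's project; the token name, symbol, fixed supply and the assumption of OpenZeppelin Contracts v5 with Solidity 0.8.20 or later are all placeholders chosen for illustration. Everything inherited comes from the library untouched; the only code that is "yours", and therefore the only code a reviewer needs to read, is the constructor.

```solidity
// SPDX-License-Identifier: MIT
// Added example: a fixed-supply burnable ERC20 built only from unmodified
// OpenZeppelin Contracts v5 (assumed version). Name, symbol and supply are
// placeholders, not values from the original thread.
pragma solidity ^0.8.20;

import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import {ERC20Burnable} from "@openzeppelin/contracts/token/ERC20/extensions/ERC20Burnable.sol";

contract ExampleToken is ERC20, ERC20Burnable {
    // The whole custom surface is this constructor. It mints the entire
    // supply once, to the deployer, and the contract exposes no mint
    // function afterwards, so total supply can only go down (via burn()
    // and burnFrom() from ERC20Burnable), never up. That is what rules out
    // the "infinite mint" the question worries about: there is simply no
    // code path that calls _mint after deployment.
    constructor() ERC20("ExampleToken", "EXT") {
        _mint(msg.sender, 1_000_000 * 10 ** decimals());
    }
}
```

The review checklist for a contract like this is short precisely because the custom code is short: confirm the import paths point at a pinned, unmodified library release; confirm no function other than the constructor reaches `_mint`; confirm the deployer address that receives the supply is the intended one. Anything added beyond this (an owner-only `mint`, a pause switch, fee logic on transfer, an upgrade proxy) is "your own code" in the sense of the reply above and widens what needs independent review.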