Super simple token with Open Zeppelin

I want to create a super simple token for my community. I read some tutorials and I found this code:

pragma solidity ^0.5.2;

import "./lib/oz/contracts/token/ERC20/ERC20Pausable.sol";
import "./lib/oz/contracts/token/ERC20/ERC20Capped.sol";
import "./lib/oz/contracts/token/ERC20/ERC20Detailed.sol";

contract CappedToken is ERC20Detailed, ERC20Capped, ERC20Pausable {

    constructor() 
    ERC20Detailed("DEMO Tokens", "DEMO", 18) 
    ERC20Capped(1000000000000000000000000000) // 1B
    public {}
}

3 questions:
Is this code secure or hackable in any sort of way?
Only the smart contract creator address is allowed to mint token right?
Is Pausable strictly necessary?
Thank you very much.

Hi @Michael,

Welcome to the community

I was curious about your imports showing ./lib/oz/contracts/..
I don't know what your setup is like, though I would recommend following the Usage documentation.

Regards your questions:

1. Is this code secure or hackable in any sort of way?

You should do appropriate testing and auditing (assuming your token has potential value).
There was a recent question on this in the forum that would be worth reading (also links for testing and auditing):

2. Only the smart contract creator address is allowed to mint token right?

In your current CappedToken code, the deployer of the contract is the only minter.

ERC20Capped extends ERC20Mintable which at construction, the deployer of the contract is the only minter.

3. Is Pausable strictly necessary?

It really depends what functionality you need. See the ERC20Pausable API documentation:

ERC20Pausable
Useful if you want to stop trades until the end of a crowdsale, or have an emergency switch for freezing all token transfers in the event of a large bug.

For a simple token, depending on your requirements, you may not need it to be pausable or even potentially even mintable.

Based on the SimpleToken example you could have something like the following where the total supply of tokens is minted to the deployer of the contract, with no functionality to mint additional tokens.

As always, you should do appropriate testing and auditing on your smart contracts.

SimpleToken.sol

pragma solidity ^0.5.0;

import "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import "@openzeppelin/contracts/token/ERC20/ERC20Detailed.sol";

/**
 * @title SimpleToken
 * @dev Very simple ERC20 Token example, where all tokens are pre-assigned to the creator.
 * Note they can later distribute these tokens as they wish using `transfer` and other
 * `ERC20` functions.
 */
contract SimpleToken is ERC20, ERC20Detailed {

    /**
     * @dev Constructor that gives msg.sender all of existing tokens.
     */
    constructor () public ERC20Detailed("SimpleToken", "SIM", 18) {
        _mint(msg.sender, 10000 * (10 ** uint256(decimals())));
    }
}

Thank you very much @abcoathup you are the best. In your last SimpleToken.sol example the contract creator is not allowed to mint more coins even though SimpleToken is not Capped? Thank you

Hi @Michael,

In the SimpleToken example there is no public function to mint tokens.

Tokens are only minted in the constructor using the internal _mint function.

The deployer of the contract has no specific role. The only thing special about the deployer of the contract is that the constructor mints the total supply of tokens to them.

Feel free to ask all the questions that you need.

As always, you should do appropriate testing and auditing on your smart contracts.

Thank you very much for your help. I need the last help about mainnet deploying. Is it better to open another thread? Thank you!

Hi @Michael,

A thread per question is generally best (unless the questions are tightly related).

So please create a new topic for deploying to a public network

Hi @Michael,

Were you able to deploy to a public network?
Feel free to create a new topic if you have questions.

Hello @abcoathup. Yes I’ve tried with truffle… Today I’ll create the topic because I’m not totally sure about some steps. Thank you very much for your help.