We’re excited to announce the first release candidate of OpenZeppelin Contracts v3.0

This is release features the migration to Solidity v0.6, as well as a revamped access control system.

To install the release candidate, run:

npm install --save-dev @openzeppelin/contracts@next

What’s New

All contracts were migrated to Solidity v0.6.

AccessControl was designed with help from the community and has replaced Roles contracts (such as MinterRole and PauserRole ), which were removed.

was designed with help from the community and has replaced contracts (such as and ), which were removed. Crowdsales were removed: we’ll continue to provide support for security issues on the v2.5 release, but will not bring them over to v3.0.

We’ve added hooks , a new feature of the library that will make extending it easier than ever. Read more below!

, a new feature of the library that will make extending it easier than ever. Read more below! Many, many breaking changes with small improvements. We’ve also moved some contracts around (e.g. Ownable is now found under the access directory) and deleted some that were not being used. Head to our changelog to see the full list.

Compiling v0.6 Contracts

You can use the OpenZeppelin CLI to compile any Solidity v0.6 contract: just update the pragma statement on your source code and you’ll be good to go!

pragma solidity ^0.6.0;

Note that you will need to use the recent v2.7 release of the CLI to have Solidity v0.6 support. For detailed information about using the CLI compiler, head to its documenation.

Revamped Access Control

One of our most widely-used contracts is Ownable , providing a simple authorization scheme. However, this fell short in complex systems with multiple permissions.

The v3.0 release introduces AccessControl , a one-stop-shop for all authorization needs. It lets you easily define multiple roles with different permissions, as well as which accounts are allowed to grant and revoke each role. It also boosts transparency by enabling enumeration of all privileged accounts in a system.

AccessControl was designed with a security-first mindset, receiving input from a wide array of users and incorporating best practices in the field. We’ll have detailed guides covering it out soon, but in the meantime you can refer to the documentation on the source file.

Migrating From OpenZeppelin Contracts v2.5

Other than the contract removals mentioned above, the library API is pretty much the same as in the v2.5 release, so the migration should be straightforward. For instructions on how to update your Solidity v0.5 contracts to v0.6, refer to the official documentation.

The exception to this is contracts that use the Gas Station Network (GSN): if you’re inheriting from GSNRecipient or one of the other GSN contracts, you’ll need to add the following snippet to your contracts:

function _msgSender() internal view override(Context, GSNRecipient) returns (address payable) { return GSNRecipient._msgSender(); } function _msgData() internal view override(Context, GSNRecipient) returns (bytes memory) { return GSNRecipient._msgData(); }

Using Hooks

To improve library flexibility, we’re introducing hooks: functions that are called at specific moments during a contract’s operation that you can use to hook into the internals and extend as you wish.

For example, the _beforeTokenTransfer hook in ERC20, ERC721 and ERC777 makes it very easy to add additional checks or actions to execute whenever tokens are transferred, minted or burned, regardless of what prompted it.

// Tokens can only be transferred, minted or burned if the contract is not paused contract ERC20Pausable is ERC20, Pausable { function _beforeTokenTransfer(address from, address to, uint256 amount) internal virtual override { super._beforeTokenTransfer(from, to, amount); require(!paused(), "ERC20Pausable: token transfer while paused"); } }

As an additional benefit, using hooks will allow you to side-step some of the edge-cases product of the new override keyword.

Next Steps

As with all release candidates, the final release will follow one or two weeks later. This is so that community members get a chance to share their thoughts on the upcoming changes before they are made final.

So give this release candidate a try, upgrade your project to Solidity v0.6, and tell us what you think!