Using OpenZeppelin Contracts with Python and Brownie
When building smart contracts, the importance of security cannot be overstated. We are writing code that cannot be altered once deployed, and that often handles significant sums of real-world value. There is no margin for error!
OpenZeppelin has long recognized the need for security in this immutable world. Since 2016 they’ve actively maintained a library of smart contracts that other developers can use, a secure foundation upon which to buidl. Over the years, OpenZeppelin Contracts has become the most popular Solidity library in the industry and helped to define many standards and best practices. It has seen over a million downloads and is incorporated into countless projects that are deployed on the Ethereum main-net.
Using OpenZeppelin with Python and Brownie
OpenZeppelin releases each version of their library on NPM — useful if you’re a JavaScript aficionado, less so if you prefer Python. Until now, using OpenZeppelin as a Python developer required manually cloning the repo and copying the desired contracts into your project. Not an insurmountable challenge, but significantly more work than a one-liner installation.
With the newest release of Brownie comes the Brownie Package Manager. Now integration with existing libraries is quick and painless! For example, to install OpenZeppelin Contracts:
brownie pm install OpenZeppelin/openzeppelin-contracts@3.0.0
That’s it! The installed package is now available for import within any of your projects:
pragma solidity ^0.6.0;

import "OpenZeppelin/openzeppelin-contracts@3.0.0/contracts/math/SafeMath.sol";

contract Foo {
...
No copying files, no remapping import paths, no thought about namespace collisions… it just works.
Packages can be retrieved from GitHub as well as ethPM. Any GitHub repository with tagged releases is a potential package. Along with OpenZeppelin you can install and build on other popular frameworks. For example, to add AragonOS as a package:
brownie pm install aragon/aragonOS@4.4.0
Of course not every repository will work — particularly those that depend on other NPM packages. This is a new feature and we’re still refining the process of interpreting repos as installable packages. If you run into issues installing a particular repository that you think should work, please join us on Gitter and we’ll see if we can find a solution.
Creating your own Package
Any Brownie project stored on GitHub can work as a package. Simply make a tagged release and it will be available for others to install. The package name is defined as:
[ORGANIZATION]/[REPOSITORY]@[VERSION]
If your project relies on other packages, you must also declare those dependencies within your configuration file:
dependencies:
- OpenZeppelin/openzeppelin-contracts@3.0.0
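Because the package version is written into every import path as well as into the dependency list, the two can drift apart. The following is an added example, not part of Brownie or of the original article: a small check that compares package-style imports in a Solidity source against the declared dependencies. The function names, the sample source and the case-insensitive matching of organization and repository names are assumptions made for illustration.

```python
import re

# Package ID format from the article: [ORGANIZATION]/[REPOSITORY]@[VERSION]
PKG_RE = re.compile(r"^([\w.-]+)/([\w.-]+)@([\w.+-]+)$")
# Solidity import whose path begins with a package ID; relative imports never match.
IMPORT_RE = re.compile(
    r'import\s+(?:[^"\';]*?\s+from\s+)?["\']([\w.-]+/[\w.-]+@[\w.+-]+)/[^"\']+["\']'
)


def parse_package_id(pkg_id):
    """Split 'ORG/REPO@VERSION' into (org, repo, version); raise on anything else."""
    m = PKG_RE.match(pkg_id.strip())
    if not m:
        raise ValueError(f"not a valid package ID: {pkg_id!r}")
    return m.groups()


def audit_imports(declared, solidity_source):
    """Return sorted (package_id, reason) findings for imports that do not
    match a declared dependency exactly."""
    pinned = {}
    for dep in declared:
        org, repo, version = parse_package_id(dep)
        # Assumption: org/repo names are compared case-insensitively.
        pinned[(org.lower(), repo.lower())] = version
    findings = set()
    for pkg_id in IMPORT_RE.findall(solidity_source):
        org, repo, version = parse_package_id(pkg_id)
        want = pinned.get((org.lower(), repo.lower()))
        if want is None:
            findings.add((pkg_id, "undeclared dependency"))
        elif want != version:
            findings.add((pkg_id, f"version differs from declared {want}"))
    return sorted(findings)


# Constructed sample input: one declared dependency, four imports.
DECLARED = ["OpenZeppelin/openzeppelin-contracts@3.0.0"]
SAMPLE = """
pragma solidity ^0.6.0;
import "OpenZeppelin/openzeppelin-contracts@3.0.0/contracts/math/SafeMath.sol";
import "OpenZeppelin/openzeppelin-contracts@2.5.0/contracts/ownership/Ownable.sol";
import "aragon/aragonOS@4.4.0/contracts/apps/AragonApp.sol";
import "./Bar.sol";
"""

if __name__ == "__main__":
    for pkg, reason in audit_imports(DECLARED, SAMPLE):
        print(f"{pkg}: {reason}")
```

The check is a plain text scan, so an import inside a Solidity comment is reported as well.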
To Learn More…
Brownie v1.7.0 is a big release with a ton of new features and improvements! Watch for more articles soon outlining some of the cool things you can do, in both development and live environments. In the meantime you can follow the Brownie Twitter account, read our other Medium articles, and join us on Gitter.
And of course, if you haven’t tried Brownie yet…
pip install eth-brownie