Difference between revisions of "OpenZeppelin"
From CryptoWiki
m (1 revision imported) |
m (→Basics) |
||
Line 4: | Line 4: | ||
* Based in Argentina, the startup makes tools for fast, easy and secure [[smart contract]] development on the [[Ethereum (ETH)|Ethereum]] [[blockchain]]. | * Based in Argentina, the startup makes tools for fast, easy and secure [[smart contract]] development on the [[Ethereum (ETH)|Ethereum]] [[blockchain]]. | ||
* Gave a [https://forum.openzeppelin.com/t/introduction-to-the-flash-loan-pattern-and-its-security-considerations/2331 presentation] (22-2-2020) on ''<nowiki/>'the [[flash loan]] pattern and its security considerations'.'' | * Gave a [https://forum.openzeppelin.com/t/introduction-to-the-flash-loan-pattern-and-its-security-considerations/2331 presentation] (22-2-2020) on ''<nowiki/>'the [[flash loan]] pattern and its security considerations'.'' | ||
== Audits == | |||
* Also does security audits. [https://blog.openzeppelin.com/compound-finance-audit-summary/ Here is] one on [[Compound]]. | |||
*"''Developers working for startup OpenZeppelin [https://www.coindesk.com/vulnerability-fixed-in-facebook-contract-language-for-libra-cryptocurrency found] vulnerabilities in [[Move]]. “The vulnerability in the Move IR compiler allows malicious actors to introduce executable code to their smart contracts disguised as inline comments,” OpenZeppelin’s CEO [[Demian Brener]] told [[CoinDesk]]. Brener said the code was disclosed to Libra Aug. 6, with the Libra team evaluating and fixing the bug over the following month. As of Sept. 4, the patch was reviewed and confirmed to be fixed by OpenZeppelin."'' | |||
* [[ERC777]] had two exploits (19/20-4-2020), on which OpenZepplin [https://blog.openzeppelin.com/exploiting-uniswap-from-reentrancy-to-actual-profit/ published] an exploit on last summer. | |||
* [[Opyn]] had an audit by OpenZeppelin and still got hacked, however it was reported that the exploit [https://cryptobriefing.com/defi-options-protocol-opyn-hacked-371000-lost/ was outside] (5-8-2020) of the audit’s scope. | |||
*Audited the later hacked code ([https://twitter.com/Darrenlautf/status/1417493473385660433/photo/1 20-7-2021]) of [[Saddle]]. | |||
== Tech == | == Tech == | ||
* Is using [[Infura]], according to their [https://infura.io/ website] (13-4-2020). | * Is using [[Infura]], according to their [https://infura.io/ website] (13-4-2020). | ||
Line 19: | Line 26: | ||
''"Decentralized runtime security protocol for smart contracts, incubated by OpenZeppelin. Protocols, [[Decentralised Autonomous Organisation (DAO)|DAOs]], investors and individuals can use Forta to monitor transaction activity and receive alerts on security, financial, operational and governance related events on [[Layer One|Layer 1s]], [[Layer Two|Layer 2s]] and [[Sidechain|sidechains]]."'' | ''"Decentralized runtime security protocol for smart contracts, incubated by OpenZeppelin. Protocols, [[Decentralised Autonomous Organisation (DAO)|DAOs]], investors and individuals can use Forta to monitor transaction activity and receive alerts on security, financial, operational and governance related events on [[Layer One|Layer 1s]], [[Layer Two|Layer 2s]] and [[Sidechain|sidechains]]."'' | ||
== Usage == | == Usage == | ||
* Around [https://blog.goodaudience.com/chainlink-the-missing-piece-to-the-god-protocol-fd455dde92ab 95 percent] (1-11-2018) of [[Ethereum (ETH)|Ethereum]] [[smart contracts]] are built on [https://zeppelinos.org/ ZeppelinOS] libraries. | * Around [https://blog.goodaudience.com/chainlink-the-missing-piece-to-the-god-protocol-fd455dde92ab 95 percent] (1-11-2018) of [[Ethereum (ETH)|Ethereum]] [[smart contracts]] are built on [https://zeppelinos.org/ ZeppelinOS] libraries. | ||
Line 40: | Line 35: | ||
== Competition == | == Competition == | ||
== Pros and Cons == | == Pros and Cons == | ||
== Team, investors, | == Team, investors, Partners == | ||
=== Team === | === Team === |
Latest revision as of 03:56, 15 August 2022
Basics
- Aka ZeppelinOS
- Founded: 2015
- Based in Argentina, the startup makes tools for fast, easy and secure smart contract development on the Ethereum blockchain.
- Gave a presentation (22-2-2020) on 'the flash loan pattern and its security considerations'.
Audits
- Also does security audits. Here is one on Compound.
- "Developers working for startup OpenZeppelin found vulnerabilities in Move. “The vulnerability in the Move IR compiler allows malicious actors to introduce executable code to their smart contracts disguised as inline comments,” OpenZeppelin’s CEO Demian Brener told CoinDesk. Brener said the code was disclosed to Libra Aug. 6, with the Libra team evaluating and fixing the bug over the following month. As of Sept. 4, the patch was reviewed and confirmed to be fixed by OpenZeppelin."
- ERC777 had two exploits (19/20-4-2020), on which OpenZepplin published an exploit on last summer.
- Opyn had an audit by OpenZeppelin and still got hacked, however it was reported that the exploit was outside (5-8-2020) of the audit’s scope.
- Audited the later hacked code (20-7-2021) of Saddle.
Tech
Their Projects
Defender
"OpenZeppelin Defender allows projects to get products to market faster and minimize security risks by providing a development platform with built-in security best practices."
- It is free but closed source.
Forta
- From their announcement (30-9-2021):
"Decentralized runtime security protocol for smart contracts, incubated by OpenZeppelin. Protocols, DAOs, investors and individuals can use Forta to monitor transaction activity and receive alerts on security, financial, operational and governance related events on Layer 1s, Layer 2s and sidechains."
Usage
- Around 95 percent (1-11-2018) of Ethereum smart contracts are built on ZeppelinOS libraries.
Clients
- As of 7-2019: Brave, Augur, Ethereum Foundation, Coinbase, Compound, OmiseGo, Cosmos, Dfinity, Status, BitGo and ShapeShift, also (15-1-2020) Aave and (16-1-2020) PoolTogether.
- Has worked (12-2-2020) with Authereum (on Augur)
Competition
Pros and Cons
Team, investors, Partners
Team
- Team members are spread across multiple locations, including San Francisco, New York, Buenos Aires, Punta del Este, Melbourne, Milan, Tokyo, Moscow, San José de Costa Rica, and Toronto.
- Has a sizeable team, but doesn't say anything about each persons position in the company on their website.
- Demian Brener; CEO
- Austin Williams; security researcher
- Received (9-2019) an investment of from Coinbase.
Investors / Funding
- Started and is funding TPL Protocol
Partners
- Is named as part of the MetaCartel ecosystem (as of 1-2020 on the website)
- It partnered with Chainlink to enable its smart contracts to access data—like the current price of Ether and gas, transaction pool size, and average mining block times on the blockchain. “Outsourcing to a veteran oracle provider means that our team can focus on platform development rather than creating the oracle’s infrastructure,” Zeppelin said in a blog post. Announced: December 2017