v4.2.0

Read the full announcement in the blog!

---

• ERC20Votes: add a new extension of the ERC20 token with support for voting snapshots and delegation. (#2632)
• ERC20VotesComp: Variant of ERC20Votes that is compatible with Compound's Comp token interface but restricts supply to uint96. (#2706)
• ERC20Wrapper: add a new extension of the ERC20 token which wraps an underlying token. Deposit and withdraw guarantee that the total supply is backed by a corresponding amount of underlying token. (#2633)
• Enumerables: Improve gas cost of removal in EnumerableSet and EnumerableMap.
• Enumerables: Improve gas cost of lookup in EnumerableSet and EnumerableMap.
• Counter: add a reset method. (#2678)
• Tokens: Wrap definitely safe subtractions in unchecked blocks.
• Math: Add a ceilDiv method for performing ceiling division.
• ERC1155Supply: add a new ERC1155 extension that keeps track of the totalSupply of each tokenId. (#2593)
• BitMaps: add a new BitMaps library that provides a storage efficient datastructure for uint256 to bool mapping with contiguous keys. (#2710)

Breaking Changes

• ERC20FlashMint is no longer a Draft ERC. (#2673))

How to update: Change your import paths by removing the draft- prefix from @openzeppelin/contracts/token/ERC20/extensions/draft-ERC20FlashMint.sol.

See Releases and Stability: Drafts.

v4.1.0

Read the full announcement in the blog or check out the changelog.

• IERC20Metadata: add a new extended interface that includes the optional name(), symbol() and decimals() functions. (#2561)
• ERC777: make reception acquirement optional in _mint. (#2552)
• ERC20Permit: add a _useNonce to enable further usage of ERC712 signatures. (#2565)
• ERC20FlashMint: add an implementation of the ERC3156 extension for flash-minting ERC20 tokens. (#2543)
• SignatureChecker: add a signature verification library that supports both EOA and ERC1271 compliant contracts as signers. (#2532)
• Multicall: add abstract contract with multicall(bytes[] calldata data) function to bundle multiple calls together (#2608)
• ECDSA: add support for ERC2098 short-signatures. (#2582)
• AccessControl: add a onlyRole modifier to restrict specific function to callers bearing a specific role. (#2609)
• StorageSlot: add a library for reading and writing primitive types to specific storage slots. (#2542)
• UUPS Proxies: add UUPSUpgradeable to implement the UUPS proxy pattern together with EIP1967Proxy. (#2542)

v4.0.0

Read the full announcement in the blog or check out the changelog.

Note: Upgradeable contracts using OpenZeppelin Contracts 3.x cannot upgrade to 4.x.

Changelog

• Now targeting the 0.8.x line of Solidity compilers. For 0.6.x (resp 0.7.x) support, use version 3.4.0 (resp 3.4.0-solc-0.7) of OpenZeppelin.
• Context: making _msgData return bytes calldata instead of bytes memory (#2492)
• ERC20: removed the _setDecimals function and the storage slot associated to decimals. (#2502)
• Strings: addition of a toHexString function. (#2504)
• EnumerableMap: change implementation to optimize for key → value lookups instead of enumeration. (#2518)
• GSN: deprecate GSNv1 support in favor of upcoming support for GSNv2. (#2521)
• ERC165: remove uses of storage in the base ERC165 implementation. ERC165 based contracts now use storage-less virtual functions. Old behavior remains available in the ERC165Storage extension. (#2505)
• Initializable: make initializer check stricter during construction. (#2531)
• ERC721: remove enumerability of tokens from the base implementation. This feature is now provided separately through the ERC721Enumerable extension. (#2511)
• AccessControl: removed enumerability by default for a more lightweight contract. It is now opt-in through AccessControlEnumerable. (#2512)
• Meta Transactions: add ERC2771Context and a MinimalForwarder for meta-transactions. (#2508)
• Overall reorganization of the contract folder to improve clarity and discoverability. (#2503)
• ERC20Capped: optimize gas usage by enforcing the check directly in _mint. (#2524)
• Rename UpgradeableProxy to ERC1967Proxy. (#2547)
• ERC777: optimize the gas costs of the constructor. (#2551)
• ERC721URIStorage: add a new extension that implements the _setTokenURI behavior as it was available in 3.4.0. (#2555)
• AccessControl: added ERC165 interface detection. (#2562)
• ERC1155: make uri public so overloading function can call it using super. (#2576)

v4.0.0-beta.0

A beta release for Solidity 0.8. Read the announcement in the forum.

v3.4.0

Read the full announcement in the blog or check out the changelog.

Security Fixes

• ERC777: fix potential reentrancy issues for custom extensions to ERC777. (#2483)

If you're using our implementation of ERC777 from version 3.3.0 or earlier, and you define a custom _beforeTokenTransfer function that writes to a storage variable, you may be vulnerable to a reentrancy attack. If you're affected and would like assistance please write to security@openzeppelin.com. Read more in the pull request.

v3.3.0

Read the full announcement in the forum or check out the changelog.

• Now supports both Solidity 0.6 and 0.7. Compiling with solc 0.7 will result in warnings. Install the solc-0.7 tag to compile without warnings.
• TimelockController: added a contract to augment access control schemes with a delay. (#2354)
• Address: added functionStaticCall, similar to the existing functionCall. (#2333)
• EnumerableSet: added Bytes32Set, for sets of bytes32. (#2395)