A library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup.
- A critical vulnerability was found in an unreleased version of the Account contract. It was introduced on March 25th and has been patched as of June 1st. If you copied the Account contract code into your project during that period, please update to the patched version. Note that 0.1.0 users are not affected.
This repo contains highly experimental code. Expect rapid iteration. Use at your own risk.
Before installing Cairo on your machine, you need to install gmp:
sudo apt install -y libgmp3-dev # linux
brew install gmp # mac
If you have any trouble installing gmp on your Apple M1 computer, here’s a list of potential solutions.
Create a directory for your project, then cd into it and create a Python virtual environment.
mkdir my-project
cd my-project
python3 -m venv env
source env/bin/activate
Install the Nile development environment and then run init to kickstart a new project. Nile will create the project directory structure and install the Cairo language, a local network, and a testing framework.
pip install cairo-nile
nile init
pip install openzeppelin-cairo-contracts
Presets are ready-to-use contracts that you can deploy right away. They also serve as examples of how to use library modules. Read more about presets.
# contracts/MyToken.cairo
%lang starknet
from openzeppelin.token.erc20.ERC20 import constructor
Compile and deploy it right away:
nile compile
nile deploy MyToken <name> <symbol> <decimals> <initial_supply> <recipient> --alias my_token
Note that <initial_supply> is expected to be two integers, i.e. 1 0. See Uint256 for more information.
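The two integers are the low and high 128-bit halves of a Cairo Uint256, low half first. As an added example (not code from this repository; the function names are hypothetical, and it assumes the supply is given in whole tokens scaled by the token's decimals), this Python helper produces the pair to pass for <initial_supply> and rejects values that do not fit:

```python
from typing import Tuple

LIMB_BITS = 128
LIMB_MASK = (1 << LIMB_BITS) - 1
UINT256_MAX = (1 << 256) - 1


def to_uint256(value: int) -> Tuple[int, int]:
    """Split an integer into (low, high) 128-bit limbs, low limb first."""
    if not isinstance(value, int) or isinstance(value, bool):
        raise TypeError("value must be an int")
    if value < 0 or value > UINT256_MAX:
        raise ValueError("value does not fit in 256 bits")
    return value & LIMB_MASK, value >> LIMB_BITS


def from_uint256(low: int, high: int) -> int:
    """Recombine two limbs, rejecting any limb wider than 128 bits."""
    for limb in (low, high):
        if limb < 0 or limb > LIMB_MASK:
            raise ValueError("limb out of 128-bit range")
    return (high << LIMB_BITS) | low


def supply_args(whole_tokens: int, decimals: int) -> str:
    """Render '<low> <high>' for a supply expressed in whole tokens."""
    low, high = to_uint256(whole_tokens * 10 ** decimals)
    return f"{low} {high}"


if __name__ == "__main__":
    # Constructed sample values, not taken from the project.
    print(supply_args(1000, 18))       # fits entirely in the low limb
    print(to_uint256((1 << 128) + 5))  # spills into the high limb
```

Passing a single integer, or the limbs in the wrong order, would shift the remaining constructor arguments or change the minted amount, so checking the pair with from_uint256 before deploying is worthwhile.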
%lang starknet
from starkware.cairo.common.bool import TRUE
from starkware.cairo.common.cairo_builtins import HashBuiltin
from starkware.cairo.common.uint256 import Uint256
from openzeppelin.security.pausable import Pausable
from openzeppelin.token.erc20.library import ERC20
(...)
@external
func transfer{
        syscall_ptr : felt*,
        pedersen_ptr : HashBuiltin*,
        range_check_ptr
    }(recipient: felt, amount: Uint256) -> (success: felt):
    # Revert while the contract is paused, before any balance changes.
    Pausable.assert_not_paused()
    ERC20.transfer(recipient, amount)
    return (TRUE)
end
- StarkNet official documentation
- Cairo language documentation
- Perama's Cairo by example
- Cairo 101 workshops
Clone the repository:
git clone git@github.com:OpenZeppelin/cairo-contracts.git
cd into it and create a Python virtual environment:
cd cairo-contracts
python3 -m venv env
source env/bin/activate
Install Nile:
pip install cairo-nile
nile install
nile compile --directory src
🤖 Compiling all Cairo contracts in the openzeppelin directory
🔨 Compiling openzeppelin/introspection/ERC165.cairo
🔨 Compiling openzeppelin/introspection/IERC165.cairo
🔨 Compiling openzeppelin/token/erc721/ERC721_Mintable_Burnable.cairo
🔨 Compiling openzeppelin/token/erc721/ERC721_Mintable_Pausable.cairo
🔨 Compiling openzeppelin/token/erc721/library.cairo
🔨 Compiling openzeppelin/token/erc721/interfaces/IERC721_Metadata.cairo
🔨 Compiling openzeppelin/token/erc721/interfaces/IERC721.cairo
🔨 Compiling openzeppelin/token/erc721/interfaces/IERC721_Receiver.cairo
🔨 Compiling openzeppelin/token/erc721/utils/ERC721_Holder.cairo
🔨 Compiling openzeppelin/token/erc20/ERC20_Mintable.cairo
🔨 Compiling openzeppelin/token/erc20/ERC20.cairo
🔨 Compiling openzeppelin/token/erc20/library.cairo
🔨 Compiling openzeppelin/token/erc20/ERC20_Pausable.cairo
🔨 Compiling openzeppelin/token/erc20/interfaces/IERC20.cairo
🔨 Compiling openzeppelin/token/erc721_enumerable/ERC721_Enumerable_Mintable_Burnable.cairo
🔨 Compiling openzeppelin/token/erc721_enumerable/library.cairo
🔨 Compiling openzeppelin/token/erc721_enumerable/interfaces/IERC721_Enumerable.cairo
🔨 Compiling openzeppelin/security/pausable.cairo
🔨 Compiling openzeppelin/security/safemath.cairo
🔨 Compiling openzeppelin/security/initializable.cairo
🔨 Compiling openzeppelin/access/ownable.cairo
🔨 Compiling openzeppelin/account/IAccount.cairo
🔨 Compiling openzeppelin/account/Account.cairo
🔨 Compiling openzeppelin/account/AddressRegistry.cairo
🔨 Compiling openzeppelin/utils/constants.cairo
✅ Done
Run tests using tox, which automatically creates an isolated testing environment:
tox
====================== test session starts ======================
platform linux -- Python 3.7.2, pytest-7.1.2, py-1.11.0, pluggy-1.0.0
rootdir: /home/readme/cairo-contracts, configfile: tox.ini
plugins: asyncio-0.18.3, xdist-2.5.0, forked-1.4.0, web3-5.29.0, typeguard-2.13.3
asyncio: mode=auto
gw0 [185] / gw1 [185]
......................................................................................
......................................................................................
............ [100%]
M1 users, or those having trouble with library or Python versions, can alternatively run the tests within a Docker container, using the following as a Dockerfile placed in the root directory of the project:
FROM python:3.7
RUN pip install tox
RUN mkdir cairo-contracts
COPY . cairo-contracts
WORKDIR cairo-contracts
ENTRYPOINT tox
After it's placed there, run:
docker build -t cairo-tests .
docker run cairo-tests
This repo utilizes the pytest-xdist plugin which runs tests in parallel. This feature increases testing speed; however, conflicts with a shared state can occur since tests do not run in order. To overcome this, independent cached versions of contracts being tested should be provisioned to each test case. Here's a simple fixture example:
import pytest
from starkware.starknet.testing.starknet import Starknet
from utils import get_contract_def, cached_contract

@pytest.fixture(scope='module')
async def foo_factory():
    # get contract definition
    foo_def = get_contract_def('path/to/foo.cairo')
    # deploy contract (the fixture must be async to await these calls)
    starknet = await Starknet.empty()
    foo = await starknet.deploy(contract_def=foo_def)
    # copy the state and cache contract
    state = starknet.state.copy()
    cached_foo = cached_contract(state, foo_def, foo)
    return cached_foo
See Memoization in the Utilities documentation for a more thorough example on caching contracts.
Note that this does not apply to stateless libraries such as SafeMath.
⚠️ Warning! ⚠️ This project is still in a very early and experimental phase. It has never been audited nor thoroughly reviewed for security vulnerabilities. Do not use in production.
Refer to SECURITY.md for more details.
OpenZeppelin Contracts for Cairo exists thanks to its contributors. There are many ways you can participate and help build high quality software. Check out the contribution guide!
To keep the markdown files neat and easy to edit, we utilize DavidAnson's markdownlint linter. You can find the listed rules here. Note that the following rules are disabled:
- MD013: line length - to enable paragraphs without internal line breaks
- MD033: inline HTML - to enable .md files to have duplicate headers and separate them by identifiers
Before creating a PR, check that documentation changes are compliant with our markdown rules by running:
tox -e lint
OpenZeppelin Contracts for Cairo is released under the MIT License.