// the find
OpenZeppelin/openzeppelin-contracts
OpenZeppelin Contracts is a library for secure smart contract development.
The de facto standard library for Solidity smart contract development. If you're writing ERC20/721/1155 tokens, governance contracts, proxy patterns, or access control, you're almost certainly using this or should be. Maintained by OpenZeppelin with regular third-party audits and a formal bug bounty.
- Audit trail is exceptional — every major release has a corresponding PDF audit in the repo, going back to 2017, with recent audits covering v5.x increments. This is rare and valuable.
- The composable extension pattern (base contract + mix-in extensions via inheritance) is genuinely well-designed; you get only what you import, no dead bytecode bloat.
- Test coverage is thorough, with both unit tests and formal verification workflows in CI, and mock contracts are provided for every major component, which makes integration testing straightforward.
- The release tagging system (latest/dev/next with clear audit status per tag) is a practical solution to the 'is this safe to use?' question that most libraries ignore entirely.
- The Foundry installation path is a footgun: forge install fetches a tagged release, but a later forge update silently switches the dependency to master. The README warns about this, but many people will miss it until they've already done it in production.
- Major version storage layout incompatibility (e.g. v4 → v5 upgradeable contracts) is a hard migration cliff. The warning exists but the tooling to help you detect or migrate affected storage is not in this repo.
- Several contracts and interfaces still carry 'draft-' prefixes for standards that have been finalized or are widely deployed (ERC7579, ERC7821), which creates confusion about production readiness.
- The governance module (Governor + extensions) is powerful but the combinatorial explosion of extension mixins makes it easy to assemble a configuration that compiles but has subtle security properties — there's no tooling or linter to warn you about dangerous combinations.
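One way to close the storage-layout gap noted above, as an added example that is not OpenZeppelin's own tooling: a small diff over two solc-format storage layouts (as emitted by forge inspect or solc --storage-layout) that flags variables removed, moved, retyped, or placed over slots a live proxy already uses. The sample layouts, the labels, and the gap-handling rule are constructed for illustration.

```python
# Added, constructed example (not OpenZeppelin tooling): diff two solc storage layouts,
# e.g. `forge inspect <Contract> storage-layout --json` for old and new implementations.

def _slot_range(var, types):
    """Half-open slot range a variable occupies, per the solc `types` table."""
    start = int(var["slot"])
    nbytes = int(types[var["type"]]["numberOfBytes"])
    return start, start + max(1, (nbytes + 31) // 32)

def layout_diff(old, new):
    """Findings that make `new` unsafe behind a proxy holding `old`'s storage:
    old non-gap variables must keep label, slot, offset and type, and variables
    new to `new` may only use slots from an old `__gap` or past the old end."""
    findings, free, end = [], set(), 0
    old_vars = {v["label"] for v in old["storage"] if not v["label"].endswith("__gap")}
    new_vars = {v["label"]: v for v in new["storage"]}
    for v in old["storage"]:
        s, e = _slot_range(v, old["types"])
        end = max(end, e)
        if v["label"].endswith("__gap"):
            free.update(range(s, e))  # reserved slots, may be consumed
            continue
        n = new_vars.get(v["label"])
        if n is None:
            findings.append(f"removed: {v['label']} (slot {v['slot']})")
        elif (n["slot"], n["offset"]) != (v["slot"], v["offset"]):
            findings.append(f"moved: {v['label']} slot {v['slot']} -> {n['slot']}")
        elif n["type"] != v["type"]:
            findings.append(f"retyped: {v['label']} {v['type']} -> {n['type']}")
    for v in new["storage"]:
        if v["label"] in old_vars or v["label"].endswith("__gap"):
            continue
        s, e = _slot_range(v, new["types"])
        if any(x < end and x not in free for x in range(s, e)):
            findings.append(f"overlaps live storage: {v['label']} (slot {v['slot']})")
    return findings

# Constructed sample layouts in solc's storageLayout shape (not real OZ output).
TYPES = {"t_uint256": {"numberOfBytes": "32"}, "t_bool": {"numberOfBytes": "1"},
         "t_mapping(t_address,t_uint256)": {"numberOfBytes": "32"},
         "t_array(t_uint256)50_storage": {"numberOfBytes": "1600"},
         "t_array(t_uint256)49_storage": {"numberOfBytes": "1568"}}
def mkvar(label, slot, typ, offset=0):
    return {"label": label, "slot": str(slot), "offset": offset, "type": typ}
OLD = {"types": TYPES, "storage": [mkvar("_balances", 0, "t_mapping(t_address,t_uint256)"),
       mkvar("_totalSupply", 1, "t_uint256"), mkvar("__gap", 2, "t_array(t_uint256)50_storage")]}
# Safe upgrade: the new flag consumes one gap slot and the gap shrinks to 49.
SAFE = {"types": TYPES, "storage": OLD["storage"][:2] + [mkvar("_paused", 2, "t_bool"),
        mkvar("__gap", 3, "t_array(t_uint256)49_storage")]}
```

Running layout_diff(OLD, SAFE) returns an empty list; a candidate that drops the sequential variables (as a namespaced-storage rewrite does) or inserts a variable ahead of them is reported slot by slot.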