chainlink usa listingsAlex Behrens: Understanding OpenZeppelin Contracts, Defender, and Wizard

@emurgocardano-message-signing-nodejs Message Signing. This is a library that implements the CIP-0008 message signing spec for the Cardano blockchain.. The library is composed of structs for deserializing the CBOR defined in CIP-0008COSE which lays at the core of the protocol, mostly defined in, as well as many helper utilities for more specific cases useful to CIP-0008.These are mostly Bitcoin Cash BCH Price, Real-time Quote News - Google Get the latest Bitcoin Cash BCH USD real-time quote, historical performance, charts, and other cryptocurrency information to help you make more informed trading and chainlink usa listings Alex Behrens: Understanding OpenZeppelin Contracts, Defender, and Wizard
chainlink usa listings VeChain Financial Report - Q4CY22 - Reddit It s... Alex Behrens: Understanding OpenZeppelin Contracts, Defender, and Wizard
awesome uh that was amazing austin by the way um hi everyone hope youre having a great friday my name is alex barrons i recently joined open zeppelin and i have product marketing for them um a bit about me i um used to work at hedera hashgraph and i recently re-entered the decentralized space im actually got connected to open zeppelin um from twitter so never underestimate the power of a dm today im going to be covering a 2021 open zeppelin recap and an overview of our latest integration with the keeper network weve been shipping a ton of new products and services this year so we want to make sure that the community has a good grasp on what were up to so our mission at open zeppelin is to protect the open economy we do this by providing products and services that let you ship faster with lower risks um our main offerings are contracts audits and defender most of you have probably heard of open zeppelin contracts which is the first building block for many people building in ethereum today open zeppelin also performs security audits securing some of the biggest projects in the space you can you can also check out our public reports on our blog finally a year and a half ago we launched open zeppelin defender which provides a secure platform for automating your smart contract operations um i wanted to share first an analysis that we recently did of our penetration into the d5 pulse index thats 115 projects one was admitted um because we couldnt find stats from them uh but we found that 68 of the top projects are using open zeppelin services which we just thought was completely crazy and um really just an amazing thing to find out um to put this in context though um opens up one is helping secure 72 billion out of the total 88 billion dollars that is currently locked in d5 protocols um or 82 percent of the total tlv um moving on im going to start off with an overview of our contracts over the past year so contracts have been the core of our business um since its inception um and although we did add contracts 3.4 this year im only going to be focusing on the version four of our contracts for this presentation um we are incredibly proud to announce that we passed four million downloads of contracts this year um as you can see our contracts team has been super super busy shipping releases almost every month of this year kicking off with uh 4.2 we released our 4.0 that we released in march this release only supports solidity 0.8 optimizations um the new features will not be backported to previous solidity versions 0.8 marks the end of the safe math era as overflow checks are now built into the compiler that said safe math is still available in a repo as a wrapper over the built-in overflow checks this release introduces a number of breaking changes and most notably a reorganization of contracts in our directory so watch out for that um 4.1 was released in april this release implemented two major features uups proxies and the multi-call contracts as most of you know since the berlin upgrade theres been significantly increased cost of transparent proxies this new update to contracts allows you to choose a custom proxy pattern that supports ups proxies then in june we released 4.2 of the open zeppelin contracts library introducing our latest work on governance contracts um our team has been super super excited um to share this as well as 4.3 is also going to cover governance and thats going to come out very soon and we are so pumped to show that 4.2 though released erc 20 votes and erc 20 votes comp uh extensions for erc 20 token including vote delegation mechanisms essential for voting in governance systems like compounds governor alpha and governor bravo additionally this release introduced gas cost reductions new helper functions and the arc20 wrapper extension last month we also introduced the open zeppelin subgraphs library a library for building out modular dense subgraphs on top of our contracts offering um but what are con what are subgraphs for those who dont know subgraphs enable developers to build discoverable apis by pulling data indexed from ethereum and other blockchains um instead of building proprietary centralized servers dabs can limit their back-end work by simply integrating the subgraphs apis um we chose to specifically create dense subgraphs and this is viewed as one of one of the more important aspects of building subgraphs um in in the community so this is generally done by linking data types within a subgraph and pulling metadata from within the object by heavily linking by by indexing using heavily linked data types youll have more information to work with for analysis and debugging which improves outcomes for developers of course we support several modules from our contracts library in the subgraphs so we support erc20 erc erc721 erc1155 ownable access control possible and time lock and each module includes a schema with corresponding entities a data source template that listens to events and indexing logic in assembly script um our subgraphs can also be assembled manually or use a compiler tool now to download any of these libraries simply npm these listed libraries um and if you have questions or issues feel free to reach out to us on the zebra form but be sure to check out the docs first and then last thing for contracts im super super super excited to present um wizard we came out with this earlier in the year but we havent really publicized it much and it is by far the fastest and safest way to build contracts in 2021 so as you can see here with wizards intuitive interface you can create contracts leveraging the open zeppelin contracts library we support erc20 721 and 1155 and we are committed to keeping wizard updated with all of our latest releases including our upcoming governance release this tool is perfect for power users and beginners alike that are just getting into the space we think that this tool is going to be just super powerful for anyone who wants to quickly build a smart contract also if you head over to our github you can embed wizard into any website using a simple script tag triwizard at so go and head over there if you are interested next up is our audits update so this year our team completed our 200th audit we have a full slate for this next year and look forward to the next milestone in q2 of this year our team conducted 13 audits for top projects nine of which were published publicly these latter um audits the latter public audits are available on our blog ill have a link to that at the end of the audit section we also recently welcomed a number of new auditors and a new head of security to our audits team coming to us from ernest and young where he led their blockchain security department so heres our schedule for this year this is just the public audits so of course this is an incomplete list that said we should be adding two more public audits that should come out very soon here um to give an example of the issues that our audit team tackles id like to highlight a vulnerability from fae labs so on sunday may 2nd in 2021 uh faye identified an economic vulnerability in their uh fey eve uniswap pool this vulnerability if an attacker was to take out a flash loan trade a large amount of east for faye on the pha you know swap uh pair and increase the price of faye they could then allocate the function on the call they could then call the allocate function on the bonding curve which adds liquidity to the fed each pair reinforcing the inflated price then they would sell the fee bought in step one back to the fed eath pair for the premium pay back the eth loan and keep the profits as an excess um fortunately fey labs reached out to us and we checked the vulnerability validated it and they quickly paused um trading on the bonding curve which prevented the exploit from being possible there were no funds lost and this is kind of a best-case scenario for these types of situations so read any of our audits um you can head over to blog i know its slash security apologies for that um we are also hosting a secure development workshop we have already had two sessions so the third session will be on august 26th but you can use that short link there to join that um and we will be posting recordings um and recaps of this content on our blog the feedback that weve gotten from these sessions has been really really great so if you are trying to get better at secure development and solidity i highly encourage you to join these sessions finally we have defender um our secure platform for smart contract administration and automation um defender allows teams to focus on the unique product features rather than security so we take care of all of these smart contract operations and automations that you might be having to normally build yourself administration mistakes on protocols and applications put users at risk with defender you can seamlessly manage all of this administration including access controls upgrades and pausing defender is trusted by top projects like ave balancer foundation and more theres a couple main components to defender first theres admin which you upload your smart contracts into and admin acts as an interface to manage these contracts through one or more multi-sig contracts that are fully controlled by these hiders keys so admin itself has no control over your system then theres relays which take care of private key storage transaction signing nonce management gas price estimation and resubmissions if you combine relays with auto task which ill get to in one second this means that you can automate just about all of your transactions inside defender which is incredibly powerful auto tasks allow you to automate your operations using a small javascript code snippet on a scheduled basis or triggering them via a public web hook or sentinel event tight integration with relay and sentinels allows you to use auto tasks to send transactions to to react to events or automate regular workflows on your contracts sentinels monitor transactions on your contracts by using defined conditions on events functions and transaction parameters set tools can detect direct calls internal transaction or events emitted by your contracts you can choose to be notified via slack email telegram discord or push data to datadog and execute an auto task in response to a notification so as you can see you can pretty much manage your entire operation via defender weve been rapidly trying to update defender to make sure that is the best and most secure possible platform but weve also been listening to our users and trying to introduce features that they would like so with that said im going to run through our change log for the last year in april we added support for auto task conditions in sentinels this means that if an auto task condition is specified it can be called via a list of matches in a given block and return any transactions that match custom logic auto task conditions can cross reference other data sources query on chain states apply custom matching logic and decorate notifications with custom metadata then in may we add support for accessing key value stores and auto tasks and the ability to query the latest transactions sent via relayer our second may update contained a lot of features um which im not going to completely run through but we just a couple to give you an idea is manual replacement of free layers vr api uh more visible active admin proposals and the ability to create notices safes on all of our networks um then in june we added the ability to manually cancel pending relayer transactions and the ability to time lock admin proposals via the timelock controller which allows teams to further systematize administration like directly inside defender recently we added to the time lock contract as well as did a complete ui overhaul so if you check out defender and you go into admin and you manage contracts you can see a beautiful new uh management system that gives you a much better idea of what is in your application finally um we have chain-link keeper network so last month we added support for the keeper network directly inside defender and weve been super pleased to see whatever everybodys been building as well as improving the the ui of the process so in case you didnt know chain link keyboard network is a secure way to outsource contract operations to a decentralized network of professional devops for critical functions chain link leverages a decentralized pool of keeper nodes so that teams can more securely automate maintenance removing centralized processes and by using the keeper network via defender you can further scale your decentralized application operations without sacrificing security so these two use cases were provided by chain link and this is ave and synthetics but im going to run through another list of additional uses that you all might find interesting first of which is executing limit orders on decentralized exchanges minting tokens when reserves increased harvesting yield from volts rebasing elastic supply tokens triggering automated trading strategies liquidating under collateralized loans which is what ave is doing in this example releasing locked assets after periods of inactivity and topping out token balances that fall below a minimum threshold this is just a sample list im sure that the community has come up with far far more interesting and crazy use cases already um so this is how you actually go inside of defender and register an updo contract you can see the ui on the right there its super pretty we are very proud of that um first you deploy the upkeep contract and verify the code on ether scan then when you up upload the contract to defender defender will automatically recognize the upgrade contract and prompt you to begin registration with chain link if it is on the test net registration should be instant but if youre going for mainnet then registration should take a little bit and theres some forms that you need to fill out once approved youll see your upkeep id link balance active status jobs pending and last executions you can also deposit link directly inside defenders so the entire keeper process can just take place there to make sure that your upkeeps are funded with link defender has you covered as you can see in this infographic you can manually fund your upkeep via defender but if you have multiple upkeeps this can get tricky this codes this um as you can see in this diagram um it calls the upkeep ids every five minutes to get the upkeep function and check the balance if its below a certain threshold link will be sent via relayer if you keep the funds in a single relayer this can be used to manage all of your different upkeeps ill pause here for a few seconds but this is the code that is powering um this auto task this might be a little bit tiny on on your screen but the key values to recognize here is the upkeep ids that are being funded the minimum balance and the refill value so the balance is under the specified value then the refill function will run if youre relying on upkeeps to power your application then downtime is of course probably not acceptable by combining sentinels and auto tasks you can check to make sure your contracts are being funded in this case a sentinel will monitor events in the registry filtering for your upkeep fd then an auto task will check the value of the contract if the value is at specified amount and it will be returned to a sentinel where notification will be sent depending on your logic there this is the code snippet that makes this happen and im going to pause here for one second so you can read this alrighty um that is pretty much it to learn more about the chain link keeper network and defender check out these links here um we also have a technical walkthrough of what i just detailed there up on our youtube and i cant wait to see what guys are going to build additionally we are hiring um so so you check out our website and view that short link to make sure that you see if any of these roles are right for you thank you everyone i look forward to see what youre building and we are going to continue protecting the open economy feel free to reach out if you have any questions via twitter email and the q a thanks awesome thank you so much alex i know i personally relied on the contracts that opens up on offers to like get up to speed on what smart contracts look like back when i was uh getting started uh and the fact that defenders already integrated with the chairman keeper network is amazing a bunch of people comment in the chat that the integration theyre really glad the integration exists you Alex Behrens, Technical Product Marketing Manager from OpenZeppelin, presented at SmartCon and detailed the latest technical updates across OpenZeppelin Contract, Defender, and Wizard, including Defenders integration of Chainlink Automation formerly known as Chainlink Keepers.Learn more about how OpenZeppelin Defender gets enhanced functionality by using Chainlink Automation: Check out other presentations from our complete Smart Contract Summit 1 playlist: Chainlink is the industry standard oracle network for powering hybrid smart contracts. Chainlink Decentralized Oracle Networks provide developers with the largest collection of high-quality data sources and secure off-chain computations to expand the capabilities of smart contracts on any blockchain. Learn more about Chainlink: Website: Docs: Twitter: Discord: Newsletter: Telegram: Talk to an expert: