Are You Using AI In Your Job?

We want to understand the real-world applications of AL and ML in business and the impact it will have on all our jobs.

Want to help? Complete the survey, your insights could make a big difference. It will just take one minute.
You'll be the first to get access to the final report.-->

Why You Should Use OpenZeppelin’s Ownable Contract When Developing Web3 Dapps

Bobby Gill | January 5, 2023

When designing your web application, whether a Web2 app or a Web3 Dapp, restricting undesired access to crucial functionalities by configuring user access control and permission keeps these products safe.

In the Web3 world of smart contracts, access control and permissions are as important as ever: and OpenZeppelin’s suite of access control smart contracts enables Web3 developers to enforce permissions around smart contract operations that go beyond what is provided by Solidity visibility modifiers. 

OpenZeppelin’s suite of access control smart contracts provides developers with a single role-based access control contract called the Ownable contract. This article will help you understand its benefits, all of its components, and how to use it.

To understand this article, you will need a basic knowledge of smart contract development and Solidity. For more information, read our comprehensive guide on how to create a smart contract.

Benefits of Using OpenZeppelin’s Ownable Contract

Smart contracts can store real money so failing to secure them will have a huge impact on your company and your Dapp users. This is where the Ownable contract by OpenZeppelin comes in: it’s a simple library with several functions that provide flexibility in how you secure your smart contract. 

Here are the benefits of using OpenZeppelin’s Ownable Contract:

  • Security – restricts access to crucial functions to only the owner of the contract.
  • Ownership of contract – sets the ownership of the contract to the sender, the Ethereum account that deploys it.
  • Transferability – allows you to transfer the ownership of the contract to another Ethereum account.
  • Transparency – anyone can see the Ethereum account that controls the smart contract.
  • Robustness – code in the Ownable Contract has been tested by several programmers and is free of errors.
  • Code readability – helps you keep your code clean and avoid repeating condition statements.
  • Standardized access control code – most smart contract development projects use Ownable contract. Anyone who has once developed a Web3 project can easily read your source code and see what kind of special permission you defined in it. 

The Ownable Contract provides simple solutions for implementing single role-based access control in your contract. Internally, OpenZeppelin’s Ownable contract is just a set of modifiers and functions with a require statement aimed at securing a smart contract.

Understanding OpenZeppelin’s Ownable Contract: Use Cases

The Ownable Contract is used through inheritance. It will make available the onlyOwner modifier, which can be applied to your public functions to restrict their use to the owner. 

When you want to restrict access to your functions using OpenZeppelin’s code, you will need to attach the onlyOwner modifier to your functions, indicating that should not be called by others.

The Ownable Contract features the following:

  • A constructor that sets the contract’s owner to msg.sender, the account that deployed it.
  • An onlyOwner modifier, which restricts access to certain functions to the owner.
  • A function that allows you to transfer the contract to a new owner.
  • A function that returns the address of the contract owner.
  • A function for leaving a contract without an owner.

When you call a function with onlyOwner modifier, the code inside onlyOwner executes first. When it hits the _; statement in onlyOwner, it goes back and executes the code inside the function it’s attached to.

For more information on the Ownable Contract’s source code, you can visit its github repository and its official documentation after reading this article.

How to use OpenZeppelin’s Ownable contract

Before using OpenZeppelin’s Ownable Contract, always try to guess how users might hack your contract. Unless you attach a modifier like onlyOwner to some of your critical public and external functions, any user can call them and pass them any data they want to. 

For demonstration purposes, we will build a smart contract that stores a message to greet people who call our public function named contractGreeting(). Our smart contract will also feature a changeGreetingMessage() function that changes the stored message.

Given the fact that anyone can call our public functions, we don’t want everyone to be able to call the changeGreetingMessage() and change our positive message into a rude message. This is where the power of Ownable Contract will come into play. 

Here’s how you use the Ownable contract:

1. Go to your code editor.

2. Copy and paste the following code into your code editor(be it Remix IDE or Visual Studio):

// SPDX-License-Identifier: MIT
 
pragma solidity ^0.8;
 
contract WelcomeToWeb3 {
 
string message = "Welcome to Web3";
 
function contractGreeting() public view returns(string memory) {
return message;
}
 
function changeGreetingMessage(string memory _message) public {
message = _message;
}
}

3. Place the following statement before the contract statement:
import “@openzeppelin/contracts/access/Ownable.sol”;

Note: Remix can automatically import code from repositories, but as for other IDEs such as Visual Studio, you should first install OpenZeppelin’s library in your project before importing the Ownable Contract. You can use npm to install it as follows: 

$ npm install @openzeppelin/contracts

4. Next, modify your contract statement so it inherits from the Ownable Contract as follows:

WelcomeToWeb3  is Ownable {/* … */}

Note: In Solidity, a contract can inherit from multiple contracts. As e.g: contract ChildContract is Contract1, Contract2, Contract3 {/*…*/}

5. Once your contract inherits from Ownable Contract, attach the onlyOwner modifier to changeGreetingMessage().

6. Compile and deploy your smart contract. Remix will auto-generate buttons and text fields representing your functions including the functions imported from the Ownable Contract.

Now test changeGreetingMessage() by switching accounts. You will notice that only the owner of the contract, the account that deployed it, can call and edit the positive message.

If you perfectly completed the previous tasks, your secured code should be as follows:

// SPDX-License-Identifier: MIT
 
pragma solidity ^0.8;
 
import "@openzeppelin/contracts/access/Ownable.sol";
 
contract WelcomeToWeb3 is Ownable {
 
string message = "Welcome to Web3";
 
function contractGreeting() public view returns(string memory) {
return message;
}
 
function changeGreetingMessage(string memory _message) public onlyOwner {
message = _message;
}
}

Conclusion

OpenZeppelin’s Ownable Contract is a standard single role-based access control library for securing DApps. 

When it comes to security and permissions, it’s almost never a good idea to write your own implementation as the risk of security bugs is just too high.

Using OpenZeppelin during Web3 development and its set of smart contracts provides out-of-the-box security and role-based permissions that are easy to use, robust, and industry-tested.

Bobby Gill
Co-Founder & Chief Architect at BlueLabel | + posts

Get the latest from the Blue Label Labs’ blog in your inbox

Subscribe

* indicates required