Merge branch 'master' into feature/ERC777-#1159

.eslintrc

@@ -1,22 +1,23 @@
 {
   "extends" : [
     "standard",
-    "plugin:promise/recommended"
+    "plugin:promise/recommended",
   ],
   "plugins": [
-    "promise"
+    "mocha-no-only",
+    "promise",
   ],
   "env": {
     "browser" : true,
     "node"    : true,
     "mocha"   : true,
-    "jest"    : true
+    "jest"    : true,
   },
   "globals" : {
     "artifacts": false,
     "contract": false,
     "assert": false,
-    "web3": false
+    "web3": false,
   },
   "rules": {
 
@@ -49,6 +50,8 @@
     "semi": ["error", "always"],
     "space-before-function-paren": ["error", "always"],
 
+    "mocha-no-only/mocha-no-only": ["error"],
+
     "promise/always-return": "off",
     "promise/avoid-new": "off",
   }

.github/ISSUE_TEMPLATE/bug_report.md

@@ -6,7 +6,7 @@ about: Report a bug in OpenZeppelin
 
 <!-- Briefly describe the issue you're experiencing. Tell us what you were trying to do and what happened instead. -->
 
-<!-- Remember, this is not a place to ask for help debugging code. For that, we welcome you in the OpenZeppelin Slack channel: https://slack.openzeppelin.org/. -->
+<!-- Remember, this is not a place to ask for help debugging code. For that, we welcome you in the Zeppelin Forum: https://forum.zeppelin.solutions/. -->
 
 **💻 Environment**
 

.github/PULL_REQUEST_TEMPLATE.md

@@ -15,6 +15,8 @@ Fixes #
   - reviewed the OpenZeppelin Contributor Guidelines
     (https://github.com/OpenZeppelin/openzeppelin-solidity/blob/master/CONTRIBUTING.md),
   - added tests where applicable to test new functionality,
-  - made sure that your contracts are well-documented, and
-  - run the JS/Solidity linters and fixed any issues (`npm run lint:fix`).
+  - made sure that your contracts are well-documented,
+  - run the Solidity linter (`npm run lint:sol`) and fixed any issues,
+  - run the JS linter and fixed any issues (`npm run lint:fix`), and
+  - updated the changelog, if applicable.
 -->

.gitignore

@@ -32,8 +32,11 @@ npm-debug.log
 # truffle build directory
 build/
 
-# lol macs
-.DS_Store/
+# macOS
+.DS_Store
 
 # truffle
 .node-xmlhttprequest-*
+
+# IntelliJ IDE
+.idea

.solhint.json

@@ -0,0 +1,11 @@
+{
+  "extends": "default",
+  "rules": {
+    "indent": ["error", 4],
+
+    "bracket-align": false,
+    "compiler-fixed": false,
+    "no-simple-event-func-name": false,
+    "two-lines-top-level-separator": false
+  }
+}

.travis.yml

@@ -15,29 +15,26 @@ jobs:
   # --elopio - 20180531
   fast_finish: true
   allow_failures:
-    - env: SOLIDITY_COVERAGE=true
     - env: SOLC_NIGHTLY=true
   include:
-    # Run the unit test suite three times in parallel.
-    # The first one gets results faster and is the only one required to pass.
-    # The second one generates the coverage report.
-    # The third one is to keep us informed about possible issues with the
-    # upcoming solidity release.
     - stage: tests
-      name: "unit tests"
+      name: "Linter"
+      script: npm run lint
+
+    - stage: tests
+      name: "Unit tests"
       script: npm run test
+
     - stage: tests
-      name: "unit tests with coverage"
+      name: "Unit tests with coverage report"
       script: npm run test
       env: SOLIDITY_COVERAGE=true
+
     - stage: tests
-      name: "unit tests with solc nightly"
+      name: "Unit tests using solc nightly"
       script: npm run test
       env: SOLC_NIGHTLY=true
-    # solidity and javascript style tests.
-    - stage: tests
-      name: "static tests"
-      script: npm run lint
+
     - stage: update docs
       if: tag =~ ^v[0-9]+\.[0-9]+\.[0-9]+$
       addons:

CHANGELOG.md

@@ -0,0 +1,60 @@
+# Changelog
+
+## 2.2.0 (2019-03-14)
+
+### New features:
+ * `ERC20Snapshot`: create snapshots on demand of the token balances and total supply, to later retrieve and e.g. calculate dividends at a past time. ([#1617](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1617))
+ * `SafeERC20`: `ERC20` contracts with no return value (i.e. that revert on failure) are now supported. ([#1655](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1655))
+ * `ERC20`: added internal `_approve(address owner, address spender, uint256 value)`, allowing derived contracts to set the allowance of arbitrary accounts. ([#1609](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1609))
+ * `ERC20Metadata`: added internal `_setTokenURI(string memory tokenURI)`. ([#1618](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1618))
+ * `TimedCrowdsale`: added internal `_extendTime(uint256 newClosingTime)` as well as `TimedCrowdsaleExtended(uint256 prevClosingTime, uint256 newClosingTime)` event allowing to extend the crowdsale, as long as it hasn't already closed.
+
+### Improvements:
+ * Upgraded the minimum compiler version to v0.5.2: this removes many Solidity warnings that were false positives. ([#1606](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1606))
+ * `ECDSA`: `recover` no longer accepts malleable signatures (those using upper-range values for `s`, or 0/1 for `v`). ([#1622](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1622))
+ * `ERC721`'s transfers are now more gas efficient due to removal of unnecessary `SafeMath` calls. ([#1610](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1610))
+ * `Counter`'s API has been improved, and is now used by `ERC721` (though it is still in `drafts`). ([#1610](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1610))
+ * Fixed variable shadowing issues. ([#1606](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1606))
+
+### Bugfixes:
+ * (minor) `SafeERC20`: `safeApprove` wasn't properly checking for a zero allowance when attempting to set a non-zero allowance. ([#1647](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1647))
+
+### Breaking changes:
+ * `TokenMetadata` (in drafts) has been renamed to `ERC20Metadata`. ([#1618](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1618))
+
+## 2.1.3 (2019-02-26)
+ * Backported `SafeERC20.safeApprove` bugfix. ([#1647](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1647))
+
+## 2.1.2 (2019-01-17)
+ * Removed most of the test suite from the npm package, except `PublicRole.behavior.js`, which may be useful to users testing their own `Roles`.
+
+## 2.1.1 (2019-01-04)
+ * Version bump to avoid conflict in the npm registry.
+
+## 2.1.0 (2019-01-04)
+
+### New features:
+ * Now targeting the 0.5.x line of Solidity compilers. For 0.4.24 support, use version 2.0 of OpenZeppelin.
+ * `WhitelistCrowdsale`: a crowdsale where only whitelisted accounts (`WhitelistedRole`) can purchase tokens. Adding or removing accounts from the whitelist is done by whitelist admins (`WhitelistAdminRole`). Similar to the pre-2.0 `WhitelistedCrowdsale`. ([#1525](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1525), [#1589](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1589))
+ * `RefundablePostDeliveryCrowdsale`: replacement for `RefundableCrowdsale` (deprecated, see below) where tokens are only granted once the crowdsale ends (if it meets its goal). ([#1543](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1543))
+ * `PausableCrowdsale`: allows for pausers (`PauserRole`) to pause token purchases. Other crowdsale operations (e.g. withdrawals and refunds, if applicable) are not affected. ([#832](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/832))
+ * `ERC20`: `transferFrom` and `_burnFrom ` now emit `Approval` events, to represent the token's state comprehensively through events. ([#1524](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1524))
+ * `ERC721`: added `_burn(uint256 tokenId)`, replacing the similar deprecated function (see below). ([#1550](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1550))
+ * `ERC721`: added `_tokensOfOwner(address owner)`, allowing to internally retrieve the array of an account's owned tokens. ([#1522](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1522))
+ * Crowdsales: all constructors are now `public`, meaning it is not necessary to extend these contracts in order to deploy them. The exception is `FinalizableCrowdsale`, since it is meaningless unless extended. ([#1564](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1564))
+ * `SignedSafeMath`: added overflow-safe operations for signed integers (`int256`). ([#1559](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1559), [#1588](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1588))
+
+### Improvements:
+ * The compiler version required by `Array` was behind the rest of the libray so it was updated to `v0.4.24`. ([#1553](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1553))
+ * Now conforming to a 4-space indentation code style. ([1508](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1508))
+ * `ERC20`: more gas efficient due to removed redundant `require`s. ([#1409](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1409))
+ * `ERC721`: fixed a bug that prevented internal data structures from being properly cleaned, missing potential gas refunds. ([#1539](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1539) and [#1549](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1549))
+ * `ERC721`: general gas savings on `transferFrom`, `_mint` and `_burn`, due to redudant `require`s and `SSTORE`s. ([#1549](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1549))
+
+### Bugfixes:
+
+### Breaking changes:
+
+### Deprecations:
+ * `ERC721._burn(address owner, uint256 tokenId)`: due to the `owner` parameter being unnecessary. ([#1550](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1550))
+ * `RefundableCrowdsale`: due to trading abuse potential on crowdsales that miss their goal. ([#1543](https://github.com/OpenZeppelin/openzeppelin-solidity/pull/1543))

CODE_STYLE.md

@@ -16,11 +16,14 @@ Any exception or additions specific to our project are documented below.
 
 * Try to avoid acronyms and abbreviations.
 
+* All state variables should be private.
+
 * Private state variables should have an underscore prefix.
 
     ```
     contract TestContract {
       uint256 private _privateVar;
+      uint256 internal _internalVar;
     }
     ```
 

README.md

@@ -1,8 +1,8 @@
 # <img src="logo.png" alt="OpenZeppelin" width="400px">
 
 [![NPM Package](https://img.shields.io/npm/v/openzeppelin-solidity.svg?style=flat-square)](https://www.npmjs.org/package/openzeppelin-solidity)
-[![Build Status](https://img.shields.io/travis/OpenZeppelin/openzeppelin-solidity.svg?branch=master&style=flat-square)](https://travis-ci.org/OpenZeppelin/openzeppelin-solidity)
-[![Coverage Status](https://img.shields.io/coveralls/github/OpenZeppelin/openzeppelin-solidity/master.svg?style=flat-square)](https://coveralls.io/github/OpenZeppelin/openzeppelin-solidity?branch=master)
+[![Build Status](https://travis-ci.com/OpenZeppelin/openzeppelin-solidity.svg?branch=master)](https://travis-ci.com/OpenZeppelin/openzeppelin-solidity)
+[![Coverage Status](https://coveralls.io/repos/github/OpenZeppelin/openzeppelin-solidity/badge.svg?branch=master)](https://coveralls.io/github/OpenZeppelin/openzeppelin-solidity?branch=master)
 
 **OpenZeppelin is a library for secure smart contract development.** It provides implementations of standards like ERC20 and ERC721 which you can deploy as-is or extend to suit your needs, as well as Solidity components to build custom contracts and more complex decentralized systems.
 
@@ -12,14 +12,14 @@
 npm install openzeppelin-solidity
 ```
 
-If you're interested in trying out a preview of OpenZeppelin 2.0, install `openzeppelin-solidity@next`, check out the [release notes](https://github.com/OpenZeppelin/openzeppelin-solidity/releases/tag/v2.0.0-rc.1), and let us know what you think!
+OpenZeppelin features a stable API, which means your contracts won't break unexpectedly when upgrading to a newer minor version. You can read ṫhe details in our [API Stability](https://forum.zeppelin.solutions/t/api-stability/138) document.
 
 ## Usage
 
 To write your custom contracts, import ours and extend them through inheritance.
 
 ```solidity
-pragma solidity ^0.4.24;
+pragma solidity ^0.5.0;
 
 import 'openzeppelin-solidity/contracts/token/ERC721/ERC721Full.sol';
 import 'openzeppelin-solidity/contracts/token/ERC721/ERC721Mintable.sol';
@@ -32,14 +32,16 @@ contract MyNFT is ERC721Full, ERC721Mintable {
 
 > You need an ethereum development framework for the above import statements to work! Check out these guides for [Truffle] or [Embark].
 
-On our site you will find a few [guides] to learn about the diferent parts of OpenZeppelin, as well as [documentation for the API][API docs]. Keep in mind that the API docs are work in progress, and don’t hesitate to ask questions in [our Slack][Slack].
+On our site you will find a few [guides] to learn about the different parts of OpenZeppelin, as well as [documentation for the API][API docs]. Keep in mind that the API docs are work in progress, and don’t hesitate to ask questions in [our forum][forum].
 
 ## Security
 
 OpenZeppelin the project is maintained by [Zeppelin] the company, and developed following our high standards for code quality and security. OpenZeppelin is meant to provide tested and community-audited code, but please use common sense when doing anything that deals with real money! We take no responsibility for your implementation decisions and any security problems you might experience.
 
 The core development principles and strategies that OpenZeppelin is based on include: security in depth, simple and modular code, clarity-driven naming conventions, comprehensive unit testing, pre-and-post-condition sanity checks, code consistency, and regular audits.
 
+The latest audit was done on October 2018 on version 2.0.0.
+
 Please report any security issues you find to [email protected].
 
 ## Contribute
@@ -53,7 +55,7 @@ OpenZeppelin is released under the [MIT License](LICENSE).
 
 [API docs]: https://openzeppelin.org/api/docs/token_ERC721_ERC721BasicToken.html
 [guides]: https://openzeppelin.org/api/docs/get-started.html
-[Slack]: https://slack.openzeppelin.org
+[forum]: https://forum.zeppelin.solutions
 [Zeppelin]: https://zeppelin.solutions
 [contribution guide]: CONTRIBUTING.md
 [Truffle]: https://truffleframework.com/docs/truffle/quickstart

RELEASING.md

@@ -34,19 +34,13 @@ git push upstream vX.Y.Z-rc.R
 
 Draft the release notes in our [GitHub releases](https://github.com/OpenZeppelin/openzeppelin-solidity/releases). Make sure to mark it as a pre-release! Try to be consistent with our previous release notes in the title and format of the text. Release candidates don't need a detailed changelog, but make sure to include a link to GitHub's compare page.
 
-Before publishing on npm you need to generate the build artifacts. This is not done automatically at the moment because of a bug in Truffle. Since some of the contracts should not be included in the package, this is a _hairy_ process that you need to do with care.
-
-1. Delete the `contracts/mocks` and `contracts/examples` directories.
-2. Run `truffle compile`. (Note that the Truffle process may never exit and you will have to interrupt it.)
-3. Recover the directories using `git checkout`. It doesn't matter if you do this now or later.
-
-Once the CI run for the new tag is green, publish on npm under the `next` tag.
+Once the CI run for the new tag is green, publish on npm under the `next` tag. You should see the contracts compile automatically.
 
 ```
 npm publish --tag next
 ```
 
-Publish the release notes on GitHub and ask our community manager to announce the release candidate on at least Slack and Twitter.
+Publish the release notes on GitHub and the forum, and ask our community manager to announce the release candidate on at least Twitter.
 
 ## Creating the final release
 
@@ -57,24 +51,21 @@ git checkout release-vX.Y.Z
 git pull upstream
 ```
 
+Before starting the release process, make one final commit to CHANGELOG.md, including the date of the release.
+
 Change the version string in `package.json`, `package-lock.json` and `ethpm.json` removing the "-rc.R" suffix. Commit these changes and tag the commit as `vX.Y.Z`.
 
 ```
 git add package.json package-lock.json ethpm.json
 git commit -m "Release vX.Y.Z"
 git tag -a vX.Y.Z
+git push upstream release-vX.Y.Z
 git push upstream vX.Y.Z
 ```
 
 Draft the release notes in GitHub releases. Try to be consistent with our previous release notes in the title and format of the text. Make sure to include a detailed changelog.
 
-Before publishing on npm you need to generate the build artifacts. This is not done automatically at the moment because of a bug in Truffle. Since some of the contracts should not be included in the package, this is a _hairy_ process that you need to do with care.
-
-1. Delete the `contracts/mocks` and `contracts/examples` directories.
-2. Run `truffle compile`. (Note that the Truffle process may never exit and you will have to interrupt it.)
-3. Recover the directories using `git checkout`. It doesn't matter if you do this now or later.
-
-Once the CI run for the new tag is green, publish on npm.
+Once the CI run for the new tag is green, publish on npm. You should see the contracts compile automatically.
 
 ```
 npm publish

contracts/ARCHITECTURE.md

@@ -12,7 +12,7 @@ The following provides visibility into how OpenZeppelin's contracts are organize
 - **introspection**  - An interface that can be used to make a contract comply with the ERC-165 standard as well as a contract that implements ERC-165 using a lookup table.
 - **lifecycle** - A collection of base contracts used to manage the existence and behavior of your contracts and their funds.
 - **math** - Libraries with safety checks on operations that throw on errors.
-- **mocks** - A collection of abstract contracts that are primarily used for unit testing. They also serve as good usage examples and demonstrate how to combine contracts with inheritence when developing your own custom applications.
+- **mocks** - A collection of abstract contracts that are primarily used for unit testing. They also serve as good usage examples and demonstrate how to combine contracts with inheritance when developing your own custom applications.
 - **ownership** - A collection of smart contracts that can be used to manage contract and token ownership
 - **payment** - A collection of smart contracts that can be used to manage payments through escrow arrangements, withdrawals, and claims. Includes support for both single payees and multiple payees.
 - **proposals** - A collection of smart contracts that reflect community Ethereum Improvement Proposals (EIPs). These contracts are under development and standardization. They are not recommended for production, but they are useful for experimentation with pending EIP standards. Go [here](https://github.com/OpenZeppelin/openzeppelin-solidity/wiki/ERC-Process) for more information.