Are you a seasoned smart contract developer or a regular subscriber to the "Patrick Collins" YouTube channel? Then you have probably heard about OpenZeppelin, or even used some solutions and products by this amazing web3 company. Just in case you are a first-timer, like in any formal gathering, I'll give you a rundown of OpenZeppelin and what they do, and finally we'll talk about the "OpenZeppelin Defender" product in detail.
What is OpenZeppelin
The standard for secure blockchain applications. OpenZeppelin provides security products to build, automate, and operate decentralized applications. They also protect leading organizations by performing security audits on their systems and products. Cool, yeah? OpenZeppelin provides standard interfaces that smart contract developers can use to build tokens of various ERC standards.
Build Secure Smart Contracts in Solidity
OpenZeppelin Contracts helps you minimize risk by using battle-tested libraries of smart contracts for Ethereum and other blockchains. It includes the most used implementations of ERC standards. If you feel like you've been doing things the wrong way, now is the time to repent: get started with OpenZeppelin Contracts today.
Now that you know a little bit about OpenZeppelin, it's about time to talk about OpenZeppelin Defender. Going further, I'll refer to "OpenZeppelin Defender" as just "Defender". Defender is a web application that helps you manage your already deployed smart contracts with lower risk, on most EVM-compatible chains. Defender comes with four different sub-features: Admin, Relay, Autotask, and Sentinel. We'll go through each of these sub-features one after the other, and in another blog post I'll explain how to use each of them.
The Admin feature in Defender provides an interface to automate and secure all your smart contract administration. Administration mistakes on protocols and applications put user funds at risk. With Defender Admin, you can seamlessly manage all smart contract administration, including access controls, upgrades, and pausing. One exciting thing is that it works with popular multi-sigs, including Gnosis Safe. With Admin, you add contracts by address and create proposals.
A proposal is basically a request to make certain administrative function calls to the contract. It would typically include functions from your contract that modify the state of your contract. To get the best out of this feature, it's recommended that your contract is EIP-1967 compliant. If it is not, you can still add the contract to Defender Admin and run admin operations on it. Proposals must be approved by all admins before the function they contain can be executed.
The Defender Relay service allows you to send transactions via a simple HTTP API or directly from your Autotasks, via unique accounts assigned exclusively to you. Relay takes care of secure private key storage, transaction signing, nonce management, gas price estimation, and resubmissions. Another plus is that all your transactions are broadcast through multiple network providers for high availability. With relayers in the picture, you don't need to worry about securing your private keys in your backend scripts or monitoring your transactions to ensure they get mined. Relayers are perfect solutions for most back-end tasks such as air-dropping NFTs, moving funds, and administrative management for your protocol. In conclusion, Relay eliminates the need to hold private keys on your back end, where they would usually serve as a signer or provider during transaction calls.
The Sentinel service offers transaction monitoring capabilities for your smart contracts based on certain pre-defined conditions. Conditions could be that an event has been triggered, a function has been called, or a transaction call carries certain critical parameters. You can use Sentinel to report to the government a suspicious transaction that has occurred. Sentinels do not stop a transaction from occurring; they simply let you know that certain conditions were met during a transaction or function call. For instance, you may want to get an alert when an address deposits a particular amount of ether to your contract. Notifications for such triggers can be received via email, Slack, Discord, Datadog, or Telegram.
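The kinds of condition described above (a deposit above an amount, a specific function call, a call with a critical parameter), written as a small offline filter over mined transactions. This is an added example, not code from OpenZeppelin or from this post; the addresses, threshold, rule names and sample transactions are constructed, and nothing here is the Defender API.

```javascript
// Added example. WATCHED, EXPECTED_OWNER, SENDER, the threshold and the sample
// transactions are constructed; this is not the Defender API.
const WATCHED = "0x1111111111111111111111111111111111111111";
const EXPECTED_OWNER = "0x2222222222222222222222222222222222222222";
const SENDER = "0x9999999999999999999999999999999999999999";
const THRESHOLD_WEI = 5n * 10n ** 18n; // alert on deposits of 5 ether or more

const SEL_PAUSE = "0x8456cb59"; // pause()
const SEL_TRANSFER_OWNERSHIP = "0xf2fde38b"; // transferOwnership(address)

const selectorOf = (tx) => (tx.data || "0x").slice(0, 10).toLowerCase();
// The first ABI argument is a 32-byte word; an address is its low 20 bytes.
const firstAddressArg = (tx) => "0x" + tx.data.slice(10, 74).slice(24).toLowerCase();

const rules = [
  { name: "large-deposit", test: (tx) => BigInt(tx.value) >= THRESHOLD_WEI },
  { name: "pause-called", test: (tx) => selectorOf(tx) === SEL_PAUSE },
  { name: "ownership-to-unexpected-address",
    test: (tx) => selectorOf(tx) === SEL_TRANSFER_OWNERSHIP &&
      tx.data.length >= 74 && firstAddressArg(tx) !== EXPECTED_OWNER },
];

// Runs over transactions that are already mined, so it can only report, never
// block. Reverted transactions and transactions to other addresses are skipped.
function evaluate(txs) {
  const alerts = [];
  for (const tx of txs) {
    if (!tx.to || tx.to.toLowerCase() !== WATCHED || tx.status !== 1) continue;
    for (const rule of rules) {
      if (rule.test(tx)) alerts.push({ rule: rule.name, hash: tx.hash, from: tx.from });
    }
  }
  return alerts;
}

const word = (addr) => addr.slice(2).padStart(64, "0"); // ABI-encode an address
const mk = (hash, value, data, status, to = WATCHED) =>
  ({ hash, from: SENDER, to, value, data, status });
const sampleTxs = [ // constructed
  mk("0xa1", "6000000000000000000", "0x", 1), // 6 ether deposit
  mk("0xa2", "1000000000000000000", "0x", 1), // below threshold
  mk("0xa3", "9000000000000000000", "0x", 0), // reverted
  mk("0xa4", "0", SEL_PAUSE, 1),
  mk("0xa5", "0", SEL_TRANSFER_OWNERSHIP + word("0x3333333333333333333333333333333333333333"), 1),
  mk("0xa6", "0", SEL_TRANSFER_OWNERSHIP + word(EXPECTED_OWNER), 1),
  mk("0xa7", "8000000000000000000", "0x", 1, SENDER), // not sent to WATCHED
];
console.log(evaluate(sampleTxs));
```

The reverted 9 ether transfer and the transfer to another address raise nothing, which is why the status and recipient checks come before any rule is evaluated.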
Defender provides components that you have probably written yourself. You should consider moving those to a more secure and battle-tested platform and save yourself the worry of things going wrong with your implementation. To me, Defender is a mini cloud service provider and another awesome web2/3 implementation.
Lastly, if any of these four components interests you and you want to make sure I write a dedicated blog post for each of them, leave a comment below; that will make sure they leave my drafts. See you on the other side 🇳🇬.