Create an ERC20 Token using Zeppelin & EthPM

OpenZeppelin (or Zeppelin for short) is a very cool library that provides tools and examples for implementing common Ethereum/Solidity patterns.

The popular framework Truffle has connected with EthPM, a package manager for Solidity, similar to Javascript’s NPM. With Truffle, EthPM and Solidity, secure ERC20 tokens can be quickly written, tested and deployed!

Prerequisites

EthPM works as part of the Truffle framework, so first we’re going to set up a Truffle project. If you’ve already got one set up, you can skip to the next section.

If you don’t have Truffle installed yet, you need to take care of that first. Run the following command to install it:

npm install -g truffle

(realistically, you’re going to need to run sudo npm install -g truffle)

Now create a new directory and enter it…

mkdir ethereumProject
cd ethereumProject

…and initialize a Truffle project in this empty directory:

truffle init 

Alternatively, you can use a Truffle Box as a starting point. If you want to build a React dApp with your contract, use this:

truffle unbox react

Installing the Zeppelin package with EthPM

Unlike NPM, which is used with the eponymous npm CLI application, EthPM is built into the Truffle framework. Packages are installed using the following command:

truffle install <package name>

So for us to install Zepelin, we would use this command:

truffle install zeppelin

This adds the Zeppelin library to the new installed_contracts directory in the root of your Truffle project. You can think of installed_contracts for EthPM like node_modules for NPM.

Creating ERC20 Tokens with Zeppelin

Zeppelin includes two interfaces for writing token contracts. The first is ERC20, which is the standard interface that we all love. Zeppelin also includes a contract called ERC20Basic, which is a slimmed down version version of ERC20, described in ERC179.

The following example imports the Zeppelin ERC20 interface and uses it in our new token contract:

pragma solidity ^0.4.11;
import 'zeppelin/contracts/math/SafeMath.sol';
import 'zeppelin/contracts/token/ERC20.sol';
contract ExampleCoin is ERC20 {
  using SafeMath for uint256;
  string public symbol = "EXAMPLE";
  string public name = "ExampleCoin";
  uint8 public decimals = 18;
  mapping (address => uint256) balances;
  mapping (address => mapping (address => uint256)) allowed;
  function ExampleCoin() public {
    balances[msg.sender] = 1000 * (10 ** uint256(decimals));
    totalSupply = 1000 * (10 ** uint256(decimals));
  }
}

You’ll notice that we also imported the SafeMath library from Zeppelin and applied it to uint256. This is always a good idea to avoid overflow attacks and other errors.

Now, this contract won’t work, it won’t even compile! You must implement all the functions described by the ERC20 interface.

But wait! Zeppelin also provides a fully-implemented version of a simple ERC20 contract. Using the abstract StandardToken contract, we can have a fully-functioning Token in only 11 lines of code!

pragma solidity ^0.4.11;
import 'zeppelin/contracts/token/StandardToken.sol';
contract ExampleCoin is StandardToken {
  string public symbol = "EXAMPLE";
  string public name = "ExampleCoin";
  uint8 public decimals = 18;
  function ExampleCoin() public {
    balances[msg.sender] = 1000 * (10 ** uint256(decimals));
    totalSupply = 1000 * (10 ** uint256(decimals));
  }
}

There you have it! A complete ERC20 contract!

What else can I build with Zeppelin?

The OpenZeppelin library is full of well-written and well-tested contracts, interfaces and libraries for Solidity. These are your building blocks for building Ethereum applications, depending on the Zeppelin library will save you time and keep your applications secure.

Here’s some other contracts included that you might want to take a look at:

• SampleCrowdsale: A good example contract to look at if you’re interested in launching an ICO.
• Ownable: Implements a common Solidity pattern where a contract is “owned” by one address, and the ownership can be transferred to others.
• ReentrancyGuard: If your contract is calling functions on external contracts, you need to be aware of reentrancy attacks. Use the tools in this contract to guard against these types of attacks.