cw721-base have moved to the new
cw-nfts repo and can be
Note: most of the
cw20-* contracts besides
cw20-base have moved to the new
cw-tokens repo and can be followed there.
This is a collection of specification and contracts designed for use on real networks. They are designed not just as examples, but to solve real-world use cases, and to provide a reusable basis to build many custom contracts.
Warning None of these contracts have been audited and no liability is assumed for the use of this code. They are provided to turbo-start your projects.
The most reusable components are the various cwXYZ specifications under
packages. Each one defines a standard
interface for different domains, e.g. cw20 for fungible tokens,
cw721 for non-fungible tokens,
cw1 for "proxy contracts", etc. The interface comes with a human description in the READMEs,
as well as Rust types that can be imported.
They contain no logic, but specify an interface. It shows what you need to implement to create a compatible contracts, as well as what interface we guarantee to any consumer of such contracts. This is the real bonus of specifications, we can create an escrow contract that can handle many different fungible tokens, as long as they all adhere to the cw20 specification.
We provide sample contracts that either implement or consume these specifications to both provide examples, and provide
a basis for code you can extend for more custom contacts, without worrying about reinventing the wheel each time. For
cw20-base is a basic implementation of a
cw20 compatible contract that can be
imported in any custom contract you want to build on it.
CW1 Proxy Contracts:
cw1-whitelista minimal implementation of
cw1mainly designed for reference.
cw1-subkeysa simple, but useful implementation, which lets us use a proxy contract to provide "allowances" for native tokens without modifying the
cw3-fixed-multisiga simple implementation of the cw3 spec. It is a multisig with a fixed set of addresses, created upon initialization. Each address may have the same weight (K of N), or some may have extra voting power. This works much like the native Cosmos SDK multisig, except that rather than aggregating the signatures off chain and submitting the final result, we aggregate the approvals on-chain.
cw3-flex-multisigbuilds on cw3-fixed-multisig, with a more powerful implementation of the cw3 spec. It's a multisig contract backed by a cw4 (group) contract, which independently maintains the voter set.
cw4-groupa basic implementation of the cw4 spec. It handles elected membership, by admin or multisig. It fulfills all elements of the spec, including raw query lookups, and is designed to be used as a backing storage for cw3 compliant contracts.
cw4-stakea second implementation of the cw4 spec. It fulfills all elements of the spec, including raw query lookups, and is designed to be used as a backing storage for cw3 compliant contracts. It provides a similar API to [
cw4-group], but rather than appointing members, their membership and weight are based on the number of staked tokens they have.
CW20 Fungible Tokens:
cw20-basea straightforward, but complete implementation of the cw20 spec along with all extensions. Can be deployed as-is, or imported by other contracts.
To compile all the contracts, run the following in the repo root:
docker run --rm -v "$(pwd)":/code \ --mount type=volume,source="$(basename "$(pwd)")_cache",target=/code/target \ --mount type=volume,source=registry_cache,target=/usr/local/cargo/registry \ cosmwasm/workspace-optimizer:0.12.9
This will compile all packages in the
contracts directory and output the stripped and optimized wasm code under the
artifacts directory as output, along with a
If you hit any issues there and want to debug, you can try to run the following in each contract dir:
RUSTFLAGS="-C link-arg=-s" cargo build --release --target=wasm32-unknown-unknown --locked
One of the basic metrics of assurance over code quality is how much is covered by unit tests. There are several tools available for Rust to do such analysis and we will describe one below. This should be used as a baseline metric to give some confidence in the code.
Beyond code coverage metrics, just having a robust PR review process with a few more trained eyes looking for bugs is very helpful in detecting paths the original coder was not aware of. This is more subjective, but looking at the relevant PRs and depth of discussion can give an idea how much review was present.
After that, fuzzing it (ideally with an intelligent fuzzer that understands the domain) can be valuable. And beyond that formal verification can provide even more assurance (but is very time-consuming and expensive).
I recommend the use of tarpaulin:
cargo install cargo-tarpaulin
To get some nice interactive charts, you can go to the root directory and run:
cargo tarpaulin -o html and then
xdg-open tarpaulin-report.html (or just
open on MacOS).
Once you find a package that you want to improve, you can do the following to just analyze this package, which gives much faster turn-around:
cargo tarpaulin -o html --packages cw3-fixed-multisig
Note that it will produce a code coverage report for the entire project, but only the coverage in that package is the real value. If does give quick feedback for you if you unit test writing was successful.
See our Contributing Guidelines.
To generate a changelog we decided to use github-changelog-generator.
To install tool you need Ruby's
gem package manager.
$ gem --user install github_changelog_generator
$HOME/.gem/ruby/*/bin/ into your PATH.
Generating changelog file first time:
$ github_changelog_generator -u CosmWasm -p cw-plus
Appending next releases could be done adding
$ github_changelog_generator -u CosmWasm -p cw-plus --base CHANGELOG.md
If you hit GitHub's 50 requests/hour limit, please follow
this guide to create a token
key which you can pass using
There's also a convenience
scripts/update_changelog.sh, which can take a --since-tag parameter (to avoid processing
the entire history). It can also auto-detect the latest version tag for you, with --latest-tag.
This repo is licensed under Apache 2.0.
All specifications will always be Apache-2.0. All contracts that are meant to be building blocks will also be Apache-2.0. This is along the lines of Open Zeppelin or other public references.