This page is incomplete. We’re working to improve it for the next release. Stay tuned!

ERC 20


This contract can be used to migrate an ERC20 token from one contract to another, where each token holder has to opt-in to the migration. To opt-in, users must approve for this contract the number of tokens they want to migrate. Once the allowance is set up, anyone can trigger the migration to the new token contract. In this way, token holders "turn in" their old balance and will be minted an equal amount in the new token. The new token contract must be mintable. For the precise interface refer to OpenZeppelin’s ERC20Mintable, but the only functions that are needed are MinterRole.isMinter and ERC20Mintable.mint. The migrator will check that it is a minter for the token. The balance from the legacy token will be transferred to the migrator, as it is migrated, and remain there forever. Although this contract can be used in many different scenarios, the main motivation was to provide a way to migrate ERC20 tokens into an upgradeable version of it using ZeppelinOS. To read more about how this can be done using this implementation, please follow the official documentation site of ZeppelinOS: https://docs.zeppelinos.org/docs/erc20_onboarding.html

Example of usage:

const migrator = await ERC20Migrator.new(legacyToken.address);
await newToken.addMinter(migrator.address);
await migrator.beginMigration(newToken.address);

constructor(contract IERC20 legacyToken)

legacyToken() → contract IERC20

Returns the legacy token that is being migrated.

newToken() → contract IERC20

Returns the new token to which we are migrating.

beginMigration(contract ERC20Mintable newToken_)

Begins the migration by setting which is the new token that will be minted. This contract must be a minter for the new token.

migrate(address account, uint256 amount)

Transfers part of an account’s balance in the old token to this contract, and mints the same amount of new tokens for that account.

migrateAll(address account)

Transfers all of an account’s allowed balance in the old token to this contract, and mints the same amount of new tokens for that account.


Inspired by Jordi Baylina’s MiniMeToken to record historical balances.

When a snapshot is made, the balances and total supply at the time of the snapshot are recorded for later access.

To make a snapshot, call the Snapshot function, which will emit the Snapshot event and return a snapshot id. To get the total supply from a snapshot, call the function totalSupplyAt with the snapshot id. To get the balance of an account from a snapshot, call the balanceOfAt function with the snapshot id and the account address.

snapshot() → uint256

balanceOfAt(address account, uint256 snapshotId) → uint256

totalSupplyAt(uint256 snapshotId) → uint256

_transfer(address from, address to, uint256 value)

_mint(address account, uint256 value)

_burn(address account, uint256 value)

Snapshot(uint256 id)


A token holder contract that can release its token balance gradually like a typical vesting scheme, with a cliff and vesting period. Optionally revocable by the owner.


constructor(address beneficiary, uint256 start, uint256 cliffDuration, uint256 duration, bool revocable)

Creates a vesting contract that vests its balance of any ERC20 token to the beneficiary, gradually in a linear fashion until start + duration. By then all of the balance will have vested.

beneficiary() → address

cliff() → uint256

start() → uint256

duration() → uint256

revocable() → bool

released(address token) → uint256

revoked(address token) → bool

release(contract IERC20 token)

revoke(contract IERC20 token)

TokensReleased(address token, uint256 amount)

TokenVestingRevoked(address token)



Provides counters that can only be incremented or decremented by one. This can be used e.g. to track the number of elements in a mapping, issuing ERC721 ids, or counting request ids.

Include with using Counters for Counters.Counter; Since it is not possible to overflow a 256 bit integer with increments of one, increment can skip the SafeMath overflow check, thereby saving gas. This does assume however correct usage, in that the underlying _value is never directly accessed.

current(struct Counters.Counter counter) → uint256

increment(struct Counters.Counter counter)

decrement(struct Counters.Counter counter)


SignatureBouncer allows users to submit a signature as a permission to do an action. If the signature is from one of the authorized signer addresses, the signature is valid. Note that SignatureBouncer offers no protection against replay attacks, users must add this themselves!

Signer addresses can be individual servers signing grants or different users within a decentralized club that have permission to invite other members. This technique is useful for whitelists and airdrops; instead of putting all valid addresses on-chain, simply sign a grant of the form keccak256(abi.encodePacked(:contractAddress + :granteeAddress)) using a valid signer address. Then restrict access to your crowdsale/whitelist/airdrop using the onlyValidSignature modifier (or implement your own using _isValidSignature). In addition to onlyValidSignature, onlyValidSignatureAndMethod and onlyValidSignatureAndData can be used to restrict access to only a given method or a given method with given parameters respectively. See the tests in SignatureBouncer.test.js for specific usage examples.

onlyValidSignature(bytes signature)

Requires that a valid signature of a signer was provided.

onlyValidSignatureAndMethod(bytes signature)

Requires that a valid signature with a specified method of a signer was provided.

onlyValidSignatureAndData(bytes signature)

Requires that a valid signature with a specified method and params of a signer was provided.


_isValidSignature(address account, bytes signature) → bool

is the signature of this + account from a signer?

_isValidSignatureAndMethod(address account, bytes signature) → bool

is the signature of this + account + methodId from a signer?

_isValidSignatureAndData(address account, bytes signature) → bool

is the signature of this + account + methodId + params(s) from a signer?

_isValidDataHash(bytes32 hash, bytes signature) → bool

Internal function to convert a hash to an eth signed message and then recover the signature and check it against the signer role.


Signed math operations with safety checks that revert on error.

mul(int256 a, int256 b) → int256

Multiplies two signed integers, reverts on overflow.

div(int256 a, int256 b) → int256

Integer division of two signed integers truncating the quotient, reverts on division by zero.

sub(int256 a, int256 b) → int256

Subtracts two signed integers, reverts on overflow.

add(int256 a, int256 b) → int256

Adds two signed integers, reverts on overflow.

ERC 1046