OpenZeppelin · Amxx · Sep 29, 2025 · Oct 6, 2025 · Oct 6, 2025 · Oct 10, 2025
@@ -87,7 +87,7 @@
 
 ### Pragma changes
 
-- Reduced pragma requirement of interface files
+- Reduced pragma requirement of interface files.
 
 ### Changes by category
 

@@ -36,7 +36,7 @@ interface IAccessManager {
      *
      * NOTE: The meaning of the `since` argument depends on the `newMember` argument.
      * If the role is granted to a new member, the `since` argument indicates when the account becomes a member of the role,
-     * otherwise it indicates the execution delay for this account and roleId is updated.
+     * otherwise it indicates the timestamp when the execution delay update takes effect for this account and roleId.
      */
     event RoleGranted(uint64 indexed roleId, address indexed account, uint32 delay, uint48 since, bool newMember);
 
@@ -196,6 +196,7 @@ interface IAccessManager {
      * Requirements:
      *
      * - the caller must be a global admin
+     * - `roleId` must not be the `ADMIN_ROLE` or `PUBLIC_ROLE`
      *
      * Emits a {RoleLabel} event.
      */
@@ -254,6 +255,10 @@ interface IAccessManager {
      * Requirements:
      *
      * - the caller must be a global admin
+     * - `roleId` must not be the `ADMIN_ROLE` or `PUBLIC_ROLE`
+     *
+     * NOTE: Setting `admin` to the `PUBLIC_ROLE` is allowed, but the target `roleId` itself
+     * must not be a locked role (`ADMIN_ROLE` or `PUBLIC_ROLE`).
      *
      * Emits a {RoleAdminChanged} event
      */
@@ -265,6 +270,10 @@ interface IAccessManager {
      * Requirements:
      *
      * - the caller must be a global admin
+     * - `roleId` must not be the `ADMIN_ROLE` or `PUBLIC_ROLE`
+     *
+     * NOTE: Setting `guardian` to the `PUBLIC_ROLE` is allowed, but the target `roleId` itself
+     * must not be a locked role (`ADMIN_ROLE` or `PUBLIC_ROLE`).
      *
      * Emits a {RoleGuardianChanged} event
      */
@@ -276,6 +285,7 @@ interface IAccessManager {
      * Requirements:
      *
      * - the caller must be a global admin
+     * - `roleId` must not be the `PUBLIC_ROLE`
      *
      * Emits a {RoleGrantDelayChanged} event.
      */

@@ -400,7 +400,7 @@ abstract contract AccountERC7579 is Account, IERC1271, IERC7579Execution, IERC75
      * actual copy. However, this would require `_installModule` to get a calldata bytes object instead of a memory
      * bytes object. This would prevent calling `_installModule` from a contract constructor and would force the use
      * of external initializers. That may change in the future, as most accounts will probably be deployed as
-     * clones/proxy/ERC-7702 delegates and therefore rely on initializers anyway.
+     * clones/proxy/EIP-7702 delegates and therefore rely on initializers anyway.
      */
     function _decodeFallbackData(
         bytes memory data

@@ -6,7 +6,7 @@ pragma solidity ^0.8.20;
 /**
  * @dev Library with common EIP-7702 utility functions.
  *
- * See https://eips.ethereum.org/EIPS/eip-7702[ERC-7702].
+ * See https://eips.ethereum.org/EIPS/eip-7702[EIP-7702].
  */
 library EIP7702Utils {
     bytes3 internal constant EIP7702_PREFIX = 0xef0100;

@@ -7,7 +7,6 @@ import {AccessControl} from "../access/AccessControl.sol";
 import {ERC721Holder} from "../token/ERC721/utils/ERC721Holder.sol";
 import {ERC1155Holder} from "../token/ERC1155/utils/ERC1155Holder.sol";
 import {Address} from "../utils/Address.sol";
-import {IERC165} from "../utils/introspection/ERC165.sol";
 
 /**
  * @dev Contract module which acts as a timelocked controller. When set as the
@@ -155,7 +154,7 @@ contract TimelockController is AccessControl, ERC721Holder, ERC1155Holder {
      */
     receive() external payable virtual {}
 
-    /// @inheritdoc IERC165
+    /// @inheritdoc AccessControl
     function supportsInterface(
         bytes4 interfaceId
     ) public view virtual override(AccessControl, ERC1155Holder) returns (bool) {

@@ -6,7 +6,7 @@ pragma solidity ^0.8.20;
 import {Context} from "../utils/Context.sol";
 
 /**
- * @dev Context variant with ERC-2771 support.
+ * @dev Context variant with ERC-2771 support. See {_msgSender} for the calldata format.
  *
  * WARNING: Avoid using this pattern in contracts that rely on a specific calldata length as they'll
  * be affected by any forwarder whose `msg.data` is suffixed with the `from` address according to the ERC-2771

@@ -5,10 +5,6 @@ pragma solidity ^0.8.21;
 import {ERC1967Utils} from "../proxy/ERC1967/ERC1967Utils.sol";
 import {StorageSlot} from "../utils/StorageSlot.sol";
 
-abstract contract Impl {
-    function version() public pure virtual returns (string memory);
-}
-
 contract DummyImplementation {
     uint256 public value;
     string public text;

@@ -81,7 +81,7 @@ abstract contract AccountWebAuthnMock is Account, SignerWebAuthn, ERC7739, ERC78
     }
 }
 
-abstract contract AccountERC7702Mock is Account, SignerEIP7702, ERC7739, ERC7821, ERC721Holder, ERC1155Holder {
+abstract contract AccountEIP7702Mock is Account, SignerEIP7702, ERC7739, ERC7821, ERC721Holder, ERC1155Holder {
     /// @inheritdoc ERC7821
     function _erc7821AuthorizedExecutor(
         address caller,
@@ -92,7 +92,7 @@ abstract contract AccountERC7702Mock is Account, SignerEIP7702, ERC7739, ERC7821
     }
 }
 
-abstract contract AccountERC7702WithModulesMock is
+abstract contract AccountEIP7702WithModulesMock is
     Account,
     AccountERC7579,
     SignerEIP7702,
@@ -119,7 +119,7 @@ abstract contract AccountERC7702WithModulesMock is
         return erc7739magic == bytes4(0xffffffff) ? AccountERC7579.isValidSignature(hash, signature) : erc7739magic;
     }
 
-    /// @dev Enable signature using the ERC-7702 signer.
+    /// @dev Enable signature using the EIP-7702 signer.
     function _rawSignatureValidation(
         bytes32 hash,
         bytes calldata signature

@@ -57,7 +57,7 @@ abstract contract ERC4626Fees is ERC4626 {
         }
     }
 
-    /// @dev Send exit fee to {_exitFeeRecipient}. See {IERC4626-_deposit}.
+    /// @dev Send exit fee to {_exitFeeRecipient}. See {IERC4626-_withdraw}.
     function _withdraw(
         address caller,
         address receiver,

@@ -1,4 +1,4 @@
-// contracts/MyAccountERC7702.sol
+// contracts/MyAccountEIP7702.sol
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.20;
 
@@ -8,7 +8,7 @@ import {ERC1155Holder} from "../../../token/ERC1155/utils/ERC1155Holder.sol";
 import {ERC7821} from "../../../account/extensions/draft-ERC7821.sol";
 import {SignerEIP7702} from "../../../utils/cryptography/signers/SignerEIP7702.sol";
 
-contract MyAccountERC7702 is Account, SignerEIP7702, ERC7821, ERC721Holder, ERC1155Holder {
+contract MyAccountEIP7702 is Account, SignerEIP7702, ERC7821, ERC721Holder, ERC1155Holder {
     /// @dev Allows the entry point as an authorized executor.
     function _erc7821AuthorizedExecutor(
         address caller,

@@ -3,8 +3,8 @@
 pragma solidity ^0.8.20;
 
 /**
- * @dev Implementation contract with a payable changeAdmin(address) function made to clash with
- * TransparentUpgradeableProxy's to test correct functioning of the Transparent Proxy feature.
+ * @dev Implementation contract with a payable upgradeToAndCall(address,bytes) function made to clash with
+ * TransparentUpgradeableProxy's interface to test correct functioning of the Transparent Proxy pattern.
  */
 contract ClashingImplementation {
     event ClashingImplementationCall();

@@ -86,7 +86,7 @@ library ERC1967Utils {
      * @dev Returns the current admin.
      *
      * TIP: To get this value clients can read directly from the storage slot shown below (specified by ERC-1967) using
-     * the https://eth.wiki/json-rpc/API#eth_getstorageat[`eth_getStorageAt`] RPC call.
+     * the https://ethereum.org/developers/docs/apis/json-rpc/#eth_getstorageat[`eth_getStorageAt`] RPC call.
      * `0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103`
      */
     function getAdmin() internal view returns (address) {

@@ -21,10 +21,10 @@ There are two alternative ways to add upgradeability to an ERC-1967 proxy. Their
 
 CAUTION: Using upgradeable proxies correctly and securely is a difficult task that requires deep knowledge of the proxy pattern, Solidity, and the EVM. Unless you want a lot of low level control, we recommend using the xref:upgrades-plugins::index.adoc[OpenZeppelin Upgrades Plugins] for Hardhat and Foundry.
 
-A different family of proxies are beacon proxies. This pattern, popularized by Dharma, allows multiple proxies to be upgraded to a different implementation in a single transaction.
+A different family of proxies is beacon proxies. This pattern, popularized by Dharma, allows multiple proxies to be upgraded to a different implementation in a single transaction.
 
 - {BeaconProxy}: A proxy that retrieves its implementation from a beacon contract.
-- {UpgradeableBeacon}: A beacon contract with a built in admin that can upgrade the {BeaconProxy} pointing to it.
+- {UpgradeableBeacon}: A beacon contract with a built-in admin that can upgrade the {BeaconProxy} pointing to it.
 
 In this pattern, the proxy contract doesn't hold the implementation address in storage like an ERC-1967 proxy. Instead, the address is stored in a separate beacon contract. The `upgrade` operations are sent to the beacon instead of to the proxy contract, and all proxies that follow that beacon are automatically upgraded.
 

@@ -68,14 +68,10 @@ abstract contract ERC20FlashMint is ERC20, IERC3156FlashLender {
      * @dev Returns the fee applied when doing flash loans. By default this
      * implementation has 0 fees. This function can be overloaded to make
      * the flash loan mechanism deflationary.
-     * @param token The token to be flash loaned.
-     * @param value The amount of tokens to be loaned.
+     *
      * @return The fees applied to the corresponding flash loan.
      */
-    function _flashFee(address token, uint256 value) internal view virtual returns (uint256) {
-        // silence warning about unused variable without the addition of bytecode.
-        token;
-        value;
+    function _flashFee(address /*token*/, uint256 /*value*/) internal view virtual returns (uint256) {
         return 0;
     }
 

@@ -84,12 +84,12 @@ abstract contract ERC4626 is ERC20, IERC4626 {
     error ERC4626ExceededMaxMint(address receiver, uint256 shares, uint256 max);
 
     /**
-     * @dev Attempted to withdraw more assets than the max amount for `receiver`.
+     * @dev Attempted to withdraw more assets than the max amount for `owner`.
      */
     error ERC4626ExceededMaxWithdraw(address owner, uint256 assets, uint256 max);
 
     /**
-     * @dev Attempted to redeem more shares than the max amount for `receiver`.
+     * @dev Attempted to redeem more shares than the max amount for `owner`.
      */
     error ERC4626ExceededMaxRedeem(address owner, uint256 shares, uint256 max);
 

@@ -153,7 +153,8 @@ abstract contract ERC721Enumerable is ERC721, IERC721Enumerable {
     }
 
     /**
-     * See {ERC721-_increaseBalance}. We need that to account tokens that were minted in batch
+     * See {ERC721-_increaseBalance}. We need to forbid batch minting because the enumeration
+     * extension does not support it.
      */
     function _increaseBalance(address account, uint128 amount) internal virtual override {
         if (amount > 0) {

@@ -15,7 +15,7 @@ library LowLevelCall {
         return callNoReturn(target, 0, data);
     }
 
-    /// @dev Same as {callNoReturn}, but allows to specify the value to be sent in the call.
+    /// @dev Same as {xref-LowLevelCall-callNoReturn-address-uint256-bytes-}[`callNoReturn`], but allows to specify the value to be sent in the call.
     function callNoReturn(address target, uint256 value, bytes memory data) internal returns (bool success) {
         assembly ("memory-safe") {
             success := call(gas(), target, value, add(data, 0x20), mload(data), 0x00, 0x00)
@@ -34,7 +34,7 @@ library LowLevelCall {
         return callReturn64Bytes(target, 0, data);
     }
 
-    /// @dev Same as {callReturnBytes32Pair}, but allows to specify the value to be sent in the call.
+    /// @dev Same as {xref-LowLevelCall-callReturn64Bytes-address-uint256-bytes-}[`callReturn64Bytes`], but allows to specify the value to be sent in the call.
     function callReturn64Bytes(
         address target,
         uint256 value,

@@ -73,8 +73,8 @@ library SignatureChecker {
             // Encoded calldata is :
             // [ 0x00 - 0x03 ] <selector>
             // [ 0x04 - 0x23 ] <hash>
-            // [ 0x24 - 0x44 ] <signature offset> (0x40)
-            // [ 0x44 - 0x64 ] <signature length>
+            // [ 0x24 - 0x43 ] <signature offset> (0x40)
+            // [ 0x44 - 0x63 ] <signature length>
             // [ 0x64 - ...  ] <signature data>
             let ptr := mload(0x40)
             mstore(ptr, selector)

@@ -7,7 +7,7 @@ import {AbstractSigner} from "./AbstractSigner.sol";
 import {ECDSA} from "../ECDSA.sol";
 
 /**
- * @dev Implementation of {AbstractSigner} for implementation for an EOA. Useful for ERC-7702 accounts.
+ * @dev Implementation of {AbstractSigner} for implementation for an EOA. Useful for EIP-7702 accounts.
  *
  * @custom:stateless
  */

@@ -13,7 +13,7 @@ import {IERC7913SignatureVerifier} from "../../../interfaces/IERC7913.sol";
  * The key is expected to be a 64-byte concatenation of the P256 public key coordinates (qx || qy).
  * The signature is expected to be an abi-encoded {WebAuthn-WebAuthnAuth} struct.
  *
- * Uses {WebAuthn-verifyMinimal} for signature verification, which performs the essential
+ * Uses {WebAuthn-verify} for signature verification, which performs the essential
  * WebAuthn checks: type validation, challenge matching, and cryptographic signature verification.
  *
  * NOTE: Wallets that may require default P256 validation may install a P256 verifier separately.

@@ -18,12 +18,12 @@ pragma solidity ^0.8.20;
  */
 library SafeCast {
     /**
-     * @dev Value doesn't fit in an uint of `bits` size.
+     * @dev Value doesn't fit in a uint of `bits` size.
      */
     error SafeCastOverflowedUintDowncast(uint8 bits, uint256 value);
 
     /**
-     * @dev An int value doesn't fit in an uint of `bits` size.
+     * @dev An int value doesn't fit in a uint of `bits` size.
      */
     error SafeCastOverflowedIntToUint(int256 value);
 
@@ -33,7 +33,7 @@ library SafeCast {
     error SafeCastOverflowedIntDowncast(uint8 bits, int256 value);
 
     /**
-     * @dev An uint value doesn't fit in an int of `bits` size.
+     * @dev A uint value doesn't fit in an int of `bits` size.
      */
     error SafeCastOverflowedUintToInt(uint256 value);
 

@@ -34,9 +34,19 @@ import {Panic} from "../Panic.sol";
  *
  *     // Declare a buffer storage variable
  *     CircularBuffer.Bytes32CircularBuffer private myBuffer;
+ *
+ *     constructor() {
+ *         myBuffer.setup(16); // Initialize the buffer with a non-zero fixed size (e.g., 16)
+ *     }
+ *
+ *     function pushValue(bytes32 value) external {
+ *         myBuffer.push(value); // Safe to push because the buffer was initialized in the constructor
+ *     }
  * }
  * ```
  *
+ * NOTE: Make sure to call {setup} on your buffer during construction/initialization
+ *
  * _Available since v5.1._
  */
 library CircularBuffer {

@@ -4,7 +4,6 @@
 pragma solidity ^0.8.24;
 
 import {Math} from "../math/Math.sol";
-import {SafeCast} from "../math/SafeCast.sol";
 import {Comparators} from "../Comparators.sol";
 import {Arrays} from "../Arrays.sol";
 import {Panic} from "../Panic.sol";
@@ -18,9 +17,10 @@ import {StorageSlot} from "../StorageSlot.sol";
  * index i is the child of the node at index (i-1)/2 and the parent of nodes at index 2*i+1 and 2*i+2. Each node
  * stores an element of the heap.
  *
- * The structure is ordered so that each node is bigger than its parent. An immediate consequence is that the
- * highest priority value is the one at the root. This value can be looked up in constant time (O(1)) at
- * `heap.tree[0]`
+ * The structure is ordered so that, per the comparator, each node has lower priority than its parent; as a
+ * consequence, the highest-priority value is at the root. This value can be looked up in constant time (O(1)) at
+ * `heap.tree[0]`. By default, the comparator is `Comparators.lt`, which treats smaller values as higher priority
+ * (min-heap). Using `Comparators.gt` yields a max-heap.
  *
  * The structure is designed to perform the following operations with the corresponding complexities:
  *
@@ -40,7 +40,6 @@ import {StorageSlot} from "../StorageSlot.sol";
 library Heap {
     using Arrays for *;
     using Math for *;
-    using SafeCast for *;
 
     /**
      * @dev Binary heap that supports values of type uint256.