Following best practices

Advice for Developing a Plugin

DOs 👌

  • Document your contracts using NatSpec.

  • Test your contracts, e.g., using toolkits such as hardhat (JS) or Foundry (Rust).

  • Use the auth modifier to control the access to functions in your plugin instead of onlyOwner or similar.

  • Write plugins implementations that need minimal permissions on the DAO.

  • Write PluginSetup contracts that remove all permissions on uninstallation that they requested during installation or updates.

  • Plan the lifecycle of your plugin (need for upgrades).

  • Follow our versioning guidelines.

DON’Ts ✋

  • Leave any contract uninitialized.

  • Grant the ROOT_PERMISSION_ID permission to anything or anyone.

  • Grant with who: ANY_ADDR unless you know what you are doing.

  • Expect people to grant or revoke any permissions manually during the lifecycle of a plugin. The PluginSetup should take this complexity away from the user and after uninstallation, all permissions should be removed.

  • Write upgradeable contracts that:

  • Repurpose existing storage (in upgradeable plugins).

  • Inherit from previous versions as this can mess up the inheritance chain. Instead, write self-contained contracts.

In the following sections, you will learn about the details about plugin development.

← Upgrading your plugin
Publishing your plugin →