Skip to main content

Before Starting

Advice for Developing a Plugin

DOs 👌

  • Document your contracts using NatSpec.
  • Test your contracts, e.g., using toolkits such as hardhat (JS) or Foundry (Rust).
  • Use the auth modifier to control the access to functions in your plugin instead of onlyOwner or similar.
  • Write plugins implementations that need minimal permissions on the DAO.
  • Write PluginSetup contracts that remove all permissions on uninstallation that they requested during installation or updates.
  • Plan the lifecycle of your plugin (need for upgrades).
  • Follow our versioning guidelines.

DON'Ts ✋

  • Leave any contract uninitialized.
  • Grant the ROOT_PERMISSION_ID permission to anything or anyone.
  • Grant with who: ANY_ADDR unless you know what you are doing.
  • Expect people to grant or revoke any permissions manually during the lifecycle of a plugin. The PluginSetup should take this complexity away from the user and after uninstallation, all permissions should be removed.
  • Write upgradeable contracts that:
    • Repurpose existing storage (in upgradeable plugins).
    • Inherit from previous versions as this can mess up the inheritance chain. Instead, write self-contained contracts.

In the following sections, you will learn about the details about plugin development.

© 2023