OpenZeppelin's security audit of the Stellar Contracts Library, a new set of smart contract components for Soroban, identified one high-severity issue, one medium-severity issue, and five low-severity issues across the fungible token and pausable utility modules. All issues have been resolved through pull requests.

OpenZeppelin completed a security audit of the first release candidate of the Stellar Contracts Library, developed in partnership with the Stellar Development Foundation. The library provides Rust/Soroban implementations of fungible tokens (following the SEP-0041 standard) with extensions for burning, minting, and metadata, plus a pausable utility for emergency contract state management. The audit examined 15 issues in total: one high-severity flaw in which attribute macros omit subsequent attributes (resolved), one medium-severity issue with implicit approval period restrictions (resolved with documentation), five low-severity findings, including env type check bypasses and misleading documentation (all resolved), and seven additional notes on code quality (all resolved). The codebase was praised for being concise, well-documented, and following good practices, and the OpenZeppelin team was responsive to the audit findings.