FortifySol is a flexible, open-source Solidity template designed to help you build secure, upgradeable, and governance-ready smart contract systems. Whether you’re prototyping a single contract or orchestrating a complex decentralized application (dApp), FortifySol serves as a robust starting point, offering a collection of well-structured contracts, best practices, and supporting scripts.
- Modular Architecture: A well-organized folder structure with dedicated directories for access control, security, upgrades, tokens, and utility libraries.
- Security-Focused: Implements role-based access control, timelock controllers, multi-signature wallets, escrow, pausability, and reentrancy guards—all inspired by industry standards and official Solidity security recommendations.
- Upgradeable Contracts: Includes a proxy pattern (EIP-1967/EIP-1822 compatible) and upgradeable logic contracts for future-proofing your code.
- Governance-Ready: Offers a governance token template and integration with timelocks and multi-sig wallets to support community-driven decision-making.
- Comprehensive Tooling: Uses Hardhat, Mocha/Chai tests, and optional plugins for coverage, gas reporting, linting, and static analysis to ensure code quality and reliability.
- Open-Source & Extensible: Provided under the MIT License, with documentation and contribution guidelines encouraging community involvement.
FortifySol/
├── contracts/
│ ├── access/
│ │ └── RoleManager.sol
│ ├── security/
│ │ ├── MultiSigWallet.sol
│ │ ├── TimeLockController.sol
│ │ └── SafeEscrow.sol
│ ├── upgrades/
│ │ ├── UpgradeableProxy.sol
│ │ └── MyUpgradableLogic.sol
│ ├── tokens/
│ │ └── GovernanceToken.sol
│ ├── utilities/
│ │ ├── ReentrancyGuarded.sol
│ │ └── SafeIncrement.sol
│ ├── PausableContract.sol
│ └── Vault.sol
├── test/
│ ├── test_RoleManager.js
│ ├── test_MultiSigWallet.js
│ ├── test_TimeLockController.js
│ ├── test_SafeEscrow.js
│ ├── test_UpgradeableProxy.js
│ ├── test_GovernanceToken.js
│ ├── test_PausableContract.js
│ └── test_Vault.js
├── scripts/
│ ├── deploy_all.js
│ ├── deploy_upgradeable.js
│ └── verify_all.js
├── docs/
│ ├── Architecture.md
│ ├── CONTRIBUTING.md
│ └── README.md (You are here)
├── .github/
│ └── workflows/
│ └── ci.yml
├── .gitignore
├── LICENSE
├── hardhat.config.js
└── package.json
-
Install Dependencies:
npm install
-
Compile Contracts:
npx hardhat compile
-
Run Tests:
npx hardhat test -
Local Deployment:
npx hardhat run scripts/deploy_all.js
-
Public Testnet Deployment & Verification (e.g., Goerli):
- Configure your
.envwith private keys and API keys. - Deploy:
npx hardhat run scripts/deploy_all.js --network goerli
- Verify:
npx hardhat run scripts/verify_all.js --network goerli
- Configure your
- Start small: Use just the
Vault.solorPausableContract.solfor quick proofs-of-concept. - Scale up: Integrate the
TimeLockController,MultiSigWallet, and governance mechanisms for production-ready solutions. - Extend functionality: Add your own contracts, interfaces, or libraries following the provided structure and best practices.
- Static Analysis & Audits: Use tools like
solhint,slither, andmythrilto detect potential issues early. - Gas Optimization: Consider integrating
hardhat-gas-reporterand follow Solidity gas-saving guidelines. - Test Thoroughly: Expand tests for edge cases, fuzzing inputs, and integrating differential testing techniques if needed.
- Review Access Controls: Regularly audit roles, permissions, and upgrade paths to ensure minimal trust assumptions.
We welcome contributions! Please review CONTRIBUTING.md for guidance on reporting issues, submitting pull requests, and following coding standards.
FortifySol is released under the MIT License.
- Official Solidity Documentation:
https://docs.soliditylang.org - Hardhat Documentation:
https://hardhat.org - OpenZeppelin Contracts:
https://docs.openzeppelin.com/contracts
Harness the power of FortifySol to accelerate your decentralized development journey, from quick experimentation to production-scale, security-focused dApps.