Last week, we saw one of the biggest hacks in the history of smart contract applications. ~30M USD were lost due to a simple programmer error, leaving critical functions open for anyone to call. It’s high time we get serious about writing secure contracts, if we want decentralized applications to reach their full potential.
In the early days of computing, writing code into machines was a difficult and inefficient endeavor. There were few tools and resources available for programmers, and specialized magazines were the main distribution media for software. Major operating systems were not yet available, so each computer model required machine-specific knowledge to be programmed. This is what it feels like to work with smart contracts in 2017.
The State of Smart Contract Programming
Ethereum changed the world by creating a distributed global shared virtual machine known as the EVM. Anyone can now use this virtual machine to run programs that handle real money and formalize contractual relationships via code. The promise is huge: we’re creating a new global and natively-digital economy based on software.
Still, the tools developers are using to build towards this fantastic vision are very rudimentary. Once a contract is deployed, there’s no way to upgrade it, even for security reasons, so applications can’t easily ship new features and fixes. Instead of calling standard libraries, application developers copy/paste code into each deployed contract, increasing deployment costs and margin for error. And, last but not least, debugging a contract’s failing function calls is hell with current tools.
Overall, the rate of innovation in building decentralized applications is limited by the manual and duplicative efforts projects must make to ensure basic usability and security.
Much like in the early days of computing, where op...