DevCon2: Smart Contract Security in Ethereum
Ethereum launched with several smart contract languages, but the community has mostly converged on Solidity. Solidity’s dominance has been helpful in many ways. Spreading knowledge about insecure contract patterns is much easier when everyone’s speaking the same language.
Some EVM improvements could be made to ease the process of writing secure contracts. For instance, if sending funds and sending messages between contracts used different opcodes, it would be much easier to avoid unintentional reentrancy. However, there’s much more work to do at layers above the EVM than there is to do on the EVM itself. Work is being done on several smart contract languages that compile to EVM bytecode. As it has on the web, a diversity of languages can help with progress: when developers learn through their own experience which language features minimize the cognitive load of writing secure contracts, those features will spread to more languages and developers will move to languages that include them. There will be multiple sources of experimentation and evolution that lead us to an ecosystem where it’s simpler to write secure contracts.
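To make the opcode point concrete, here is an added Python model (not code from the original series, and not EVM code) of a payout made through a call that also runs the recipient's code, compared with a hypothetical funds-only transfer. All names (World, Vault, ReentrantRecipient, send_only, run) and balances are assumptions constructed for illustration; the effects_first flag goes one step beyond the text to show the ordering fix that works without any EVM change.

```python
# Toy model, constructed for illustration; not EVM code.
class World:
    def __init__(self, balances):
        self.balances = dict(balances)  # address -> ether held
        self.code = {}                  # address -> contract object

    def send_only(self, sender, to, value):
        """Hypothetical funds-only opcode: moves value, runs no code."""
        if self.balances[sender] < value:
            raise RuntimeError("insufficient balance")
        self.balances[sender] -= value
        self.balances[to] += value

    def call(self, sender, to, value):
        """Models today's CALL: moves value AND runs the recipient's code."""
        self.send_only(sender, to, value)
        if to in self.code:
            self.code[to].on_receive(self, value)

class Vault:
    """Pays out deposits; by default it updates its ledger after paying."""
    def __init__(self, pay, effects_first=False):
        self.pay, self.effects_first = pay, effects_first
        self.ledger = {"recipient": 1, "other": 9}  # constructed deposits

    def withdraw(self, world, who):
        amount = self.ledger.get(who, 0)
        if amount == 0:
            return
        if self.effects_first:
            self.ledger[who] = 0   # effect before interaction
        getattr(world, self.pay)("vault", who, amount)
        self.ledger[who] = 0       # effect after interaction (too late under call)

class ReentrantRecipient:
    """Contract whose receive hook calls back into withdraw()."""
    def __init__(self, vault):
        self.vault = vault

    def on_receive(self, world, value):
        if world.balances["vault"] >= value:
            self.vault.withdraw(world, "recipient")

def run(pay, effects_first=False):
    """Return what 'recipient' holds after one withdraw() of a 1-ether deposit."""
    world = World({"vault": 10, "recipient": 0})
    vault = Vault(pay, effects_first)
    world.code["recipient"] = ReentrantRecipient(vault)
    vault.withdraw(world, "recipient")
    return world.balances["recipient"]
```

With the combined call the recipient ends up holding the whole vault balance from a 1-ether deposit; with the funds-only transfer, or with the ledger zeroed before paying, it receives exactly 1.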
This series was a collaborative research project written by Bill Gleim, Simon de la Rouviere, Paul Kohlhaas, and Niran Babalola. It was crowdfunded by the Ethereum Movement, a decentralized nonprofit built on Benefactory.