The thought behind the Vyper Venture was to develop one thing that was designed on the language degree to naturally exhibit a excessive diploma of security. The undertaking was initially authored by Vitalik as a proof-of-concept alternative for Serpent, its predecessor, however shortly after its creation Vyper discovered itself with no devoted maintainer. Fortunately, there have been enthusiastic group members that took up the torch and continued growth of the undertaking, and we (the EF Python Staff) grew to become re-involved within the undertaking for a while earlier this 12 months.
This fall, a preliminary safety audit was carried out by the Consensys Diligence group on the Python-based Vyper compiler. You can read the results for yourself here.
We encourage you to learn the report, nevertheless, there are two fundamental take-aways.
- There are a number of critical bugs within the Vyper compiler.
- The codebase has a excessive degree of technical debt which can make addressing these points advanced.
For the reason that present Python-based Vyper implementation is just not but manufacturing prepared, it has been moved out of the ethereum github group into its personal group: vyperlang. The prevailing maintainers are planning to handle the problems independently as soon as once more, however we are going to proceed to comply with the undertaking carefully right here: > https://github.com/vyperlang/vyper
In the meantime, our group continues work on a Rust-based compiler in tandem. Extra on that beneath, however first, right here’s a bit extra on how we received to the place we’re right now.
Over the course of this 12 months we labored with the undertaking maintainers to deal with enhancing the code high quality and structure of the undertaking. After a number of months of labor we had been skeptical that the python codebase was more likely to ship on the concept that Vyper promised. The codebase contained a major quantity of technical and architectural debt, and from our perspective it did not seem to be the prevailing maintainers had been centered on fixing this.
Exploring Rust
Earlier this 12 months in August, we explored producing a model of the Vyper compiler constructed on essentially totally different structure. The purpose was to jot down a compiler in Rust that leverages the prevailing work by the Solidity group and makes use of the YUL intermediate illustration to permit us to focus on EVM or EWASM throughout compilation. A Rust based mostly compiler may be simply compiled to WASM, making the compiler far more moveable than one based mostly in Python. By constructing on prime of YUL we’d get the EVM and EWASM compilation without spending a dime, solely requiring the compiler to deal with the transformation from a Vyper AST to YUL.
We had been sufficiently far together with our Rust based mostly Vyper compiler when the Python Vyper audit was launched, and had been assured within the directionl. The audit confirmed many considerations across the python codebase and helped to validate the course we have taken.
The work continues
That mentioned, the maintainers of the Python Vyper codebase do intend to proceed with the undertaking. Whereas we don’t plan to have continued involvement within the python codebase, we want them luck but in addition wished to make observe of latest occasions to keep away from inadvertently signalling that the undertaking was secure to make use of.
So at current there are at the moment two “Vyper” compilers: The EF-supported work in direction of constructing a compiler written in Rust to ship on the unique thought of Vyper, and the Python effort which can work independently towards the identical objectives within the Python codebase. We’re hopeful that we will proceed working collectively in direction of a single “Vyper” with a number of implementations, and we’ll preserve everybody updated because the undertaking strikes ahead.
Source link