If a series of high-profile vulnerabilities weren't enough to persuade you that today's smart contracts are insecure, a group of computer scientists who have been researching the tech since the 1980s just might.
According to the team, the language will allow programmers to code in a more intuitive and secure manner, while allowing for the kind of formal verification processes that can be a struggle in smart contract testing today.
“In the current blockchain environment for smart contracts, security is a major impediment to having it grow into the larger economy and mainstream applications,” Tribble said.
He told CoinDesk:
Miller continued, saying that the new language should also facilitate communication between smart contracts running on different networks, potentially in the future enabling peer-to-peer trades of different cryptocurrencies.
A notable team
But it's perhaps the experience of the founders that most differentiates the project.
During CoinDesk's Consensus 2018 conference last week, zcash creator Zooko Wilcox could not praise Miller enough because of his foresight into what issues could arise within distributed smart contract development. For instance, Miller co-authored the Agoric Papers, a founding document for market-based, distributed computation, back in 1988 (before the term 'smart contract' had even been coined).
But with the new project, the founders are setting their sights on improving what they see as weaknesses within the dominant smart contracting languages of today.
Speaking to CoinDesk, Miller said that while ethereum is very much a “breakthrough system,” there are aspects of its core programming language, Solidity, that can cause programmers trouble.
Indeed, researchers have estimated that there are 34,000 vulnerable smart contracts active on the ethereum mainnet today, a problem the founders attribute to fundamental flaws with Solidity.
“And the problem isn’t just bad language design – like Solidity is a bad language, we can just make a better language – the problem is architecturally deep, it has to do with the underlying security model,” Miller told CoinDesk.
Miller continued, saying that the core of the problem is that within these systems authorization and identity are connected. With a passport in one hand and a set of keys in another, Miller explained that Agoric’s approach seeks to decouple authorization-based access control, like car keys, from identity-based access, like a passport.
Because identities and wallets are linked on blockchain-based systems, a switch to an authorization-based model could help protect developers from making expensive mistakes.
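The distinction between identity-based and authorization-based access described above, shown as a small JavaScript sketch. This is an added illustration, not Agoric's language or code; `makeIdentityLedger`, `makeMint`, the purse objects and all balances are hypothetical names and constructed values.

```javascript
'use strict';

// Identity-based model: `caller` stands in for an authenticated identity (assumption).
function makeIdentityLedger(balances) {
  const bal = new Map(Object.entries(balances));
  return {
    balanceOf: (id) => bal.get(id) || 0,
    transfer(caller, to, amount) {
      if (!Number.isInteger(amount) || amount < 0 || amount > (bal.get(caller) || 0)) {
        throw new RangeError('bad amount');
      }
      bal.set(caller, bal.get(caller) - amount);
      bal.set(to, (bal.get(to) || 0) + amount);
    },
  };
}

// Authorization-based model: holding a purse reference is the only authority.
function makeMint() {
  const ledger = new WeakMap(); // purse -> balance; only purses made here are keys
  function makePurse(initial) {
    const purse = Object.freeze({
      getBalance: () => ledger.get(purse),
      deposit(amount, src) {
        if (!ledger.has(src)) throw new TypeError('not a purse from this mint');
        if (!Number.isInteger(amount) || amount < 0 || amount > ledger.get(src)) {
          throw new RangeError('bad amount');
        }
        ledger.set(src, ledger.get(src) - amount);
        ledger.set(purse, ledger.get(purse) + amount);
      },
    });
    ledger.set(purse, initial);
    return purse;
  }
  return { makePurse };
}

// Constructed scenario: Alice holds 100 and delegates a payment of 10 to a buggy helper.
function demo() {
  const ids = makeIdentityLedger({ alice: 100 });
  ids.transfer('alice', 'shop', ids.balanceOf('alice')); // helper runs as Alice: no limit of 10
  const mint = makeMint();
  const [alice, shop, payment] = [100, 0, 0].map(mint.makePurse);
  payment.deposit(10, alice); // Alice carves out exactly what she delegates
  shop.deposit(payment.getBalance(), payment); // helper holds only `payment`
  return { identityLeft: ids.balanceOf('alice'), capabilityLeft: alice.getBalance(), shopGot: shop.getBalance() };
}
```

In the identity model the helper inherits everything Alice's identity can do; in the purse model the same mistake is bounded by the purse she handed over, and an object that was not created by the mint is rejected.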
Miller told CoinDesk:
An easier audit
Another way Agoric is said to help developers is through an object-oriented approach.
With this, coders can focus on ensuring the security of small, discrete elements that are then amassed into increasingly complicated systems without compromising the underlying components.
“The intuitions object-oriented programmers already have about interacting objects is what we amplify in order to help them reason about security,” Miller said.
Tribble agreed, telling CoinDesk that the questions programmers then ask are as simple as: “Here’s my code, does my bank account escape? Here is the code for my contract, is the money preserved? At a high level, what you can specify is much more accessible to humans.”
This kind of language is advantageous as well because the systems are easier to audit.
Currently, because there aren't many people who are fluent in smart contract languages like Solidity, security reviews are slow and expensive. But according to Tribble, that's not sustainable.
As such, the Agoric team has been working alongside a variety of academics to improve the auditing process, while noting that such methods won't be finalized until a little further down the line.
“We’ve got a lot to build,” Tribble said. “We’ve been working on this for a long time, and we’re just getting started.”
While the team is focused on building the language for developers right now, going forward, Agoric will release open-source toolkits that will allow developers to build in a variety of different environments. And those toolkits will help expand the team's own vision for smart contracts as well, whereby complex machine-human interactions over the Web can happen with ease.
Concluding, Tribble said: