If a series of high-profile vulnerabilities weren't enough to persuade you that today's smart contracts are insecure, a group of computer scientists that have been researching the tech since the 1980s just might.
Announced Monday, computer scientists Mark Miller, Dean Tribble, Brian Warner and Bill Tulloh have launched a new startup, Agoric, to develop a secure, blockchain-agnostic programming language based on JavaScript. The launch comes with a seed investment from a notable group of backers including Naval Ravikant, Polychain Capital and Zcash Company, the for-profit institution that manages the development of privacy-oriented cryptocurrency zcash.
According to the team, the language will allow programmers to code in a more intuitive and secure manner, while allowing for the kind of formal verification processes that can be a struggle in smart contract testing today.
“In the current blockchain environment for smart contracts, security is a major impediment to having it grow into the larger economy and mainstream applications,” Tribble said.
He told CoinDesk:
By building upon the popular programming language JavaScript, the founders argue, the language will open smart contract development up to a wider range of developers.
“Now with the enablers in JavaScript, we can bring the massive amount of JavaScript programmers into this new world,” said Miller, who left a 10-year position at Google to found the startup.
Miller continued, saying that the new language should also facilitate communication between smart contracts running on different networks, potentially in the future enabling peer-to-peer trades of different cryptocurrencies.
“The overall contract and relationship can span different environments,” said Miller, who has been a member of the JavaScript standards committee, TC39, for many years. “It could bring about the all-or-nothing swap of assets.”
A notable team
But it's perhaps the experience of the founders that most differentiates the project.
During CoinDesk's Consensus 2018 conference last week, zcash creator Zooko Wilcox could not praise Miller enough because of his foresight into what issues could arise within distributed smart contract development. For instance, Miller co-authored the Agoric Papers, a founding document for market-based, distributed computation, back in 1988 (before the term 'smart contract' had even been coined).
Yet the others on the team also have impressive pasts. Tulloh and Tribble were both involved in the first smart contracting system, AMiX, while Warner co-founded decentralized cloud storage protocol, Tahoe-LAFS.
But with the new project, the founders are setting their sights on improving what they see as weaknesses within the dominant smart contracting languages of today.
Speaking to CoinDesk, Miller said that while ethereum is very much a “breakthrough system,” there are aspects of its core programming language, Solidity, that can cause programmers trouble.
Miller said:
Indeed, researchers have estimated that there are 34,000 vulnerable smart contracts active on the ethereum mainnet today, a problem the founders attribute to fundamental flaws with Solidity.
“And the problem isn’t just bad language design – like Solidity is a bad language, we can just make a better language – the problem is architecturally deep, it has to do with the underlying security model,” Miller told CoinDesk.
Miller continued, saying that the core of the problem is that within these systems authorization and identity are connected. Holding a passport in one hand and a set of keys in the other, Miller explained that Agoric’s approach seeks to decouple authorization-based access control, like car keys, from identity-based access, like a passport.
Because identities and wallets are linked on blockchain-based systems, a switch to an authorization-based model could help protect developers from making expensive mistakes.
Miller told CoinDesk:
An easier audit
Another way Agoric is said to help developers is through an object-oriented approach.
With this, coders can focus on ensuring the security of small, discrete elements that are then amassed into increasingly complicated systems without compromising the underlying components.
“The intuitions object-oriented programmers already have about interacting objects is what we amplify in order to help them reason about security,” Miller said.
Tribble agreed, telling CoinDesk that the questions programmers then ask are as simple as: “Here’s my code, does my bank account escape? Here is the code for my contract, is the money preserved? At a high level, what you can specify is much more accessible to humans.”
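The distinction Miller draws above (authority as a passport versus authority as a key) and the questions Tribble says programmers then ask (“does my bank account escape? is the money preserved?”) can be made concrete in plain JavaScript. The following is an added illustration of the object-capability idea, not Agoric's own code or API; the mint, purse and facet names, the toy identity-based bank it is contrasted with, and the balances used are assumptions constructed for the example.

```javascript
// Added example: identity-based vs. authorization (capability)-based access.
// Not Agoric's code; `makeMint`, `makePurse`, the deposit facet and the
// `makeIdentityBank` contrast are assumptions constructed for illustration.

// --- Identity-based model ("passport") ---------------------------------
// Authority derives from *who the caller claims to be*. Any code that runs
// under the owner's identity holds all of the owner's authority, so a helper
// the owner invokes can move the whole balance: the authority is ambient.
function makeIdentityBank() {
  const balances = new Map();
  const get = (id) => (balances.has(id) ? balances.get(id) : 0);
  return {
    open(owner, amount) { balances.set(owner, amount); },
    balance(owner) { return get(owner); },
    transfer(caller, from, to, amount) {
      if (caller !== from) throw new Error('not authorized');
      if (get(from) < amount) throw new Error('insufficient funds');
      balances.set(from, get(from) - amount);
      balances.set(to, get(to) + amount);
    },
  };
}

function runIdentityScenario() {
  const bank = makeIdentityBank();
  bank.open('alice', 100);   // constructed sample balances
  bank.open('merchant', 0);
  // A third-party checkout routine Alice calls runs with her identity and
  // may therefore transfer any amount, not just the price of the purchase.
  function untrustedCheckout(caller) { bank.transfer(caller, caller, 'merchant', 100); }
  untrustedCheckout('alice');
  return { alice: bank.balance('alice'), merchant: bank.balance('merchant') };
}

// --- Capability model ("key") -------------------------------------------
// Authority *is* the reference to a purse. Balances live in a WeakMap that
// only the mint closes over, so a purse cannot be reached by guessing a name,
// and a holder can hand out a narrower facet. "Does my account escape?" then
// reduces to tracing where the purse reference flows.
function makeMint() {
  const ledger = new WeakMap(); // purse object -> balance, private to the mint

  function makePurse(initial) {
    const purse = {
      getBalance() { return ledger.get(purse); },
      // Move `amount` from `src` into this purse. Requires *holding* `src`:
      // anything not issued by this mint is not a ledger key and is refused.
      deposit(amount, src) {
        const srcBal = ledger.get(src);
        if (srcBal === undefined) throw new Error('not a purse of this mint');
        if (!Number.isInteger(amount) || amount < 0 || amount > srcBal) {
          throw new Error('bad amount');
        }
        ledger.set(src, srcBal - amount);
        ledger.set(purse, ledger.get(purse) + amount);
      },
      // Deposit-only facet: it can receive funds, but because the facet
      // object is not a ledger key it can never serve as a source.
      getDepositFacet() {
        return { deposit(amount, src) { purse.deposit(amount, src); } };
      },
    };
    ledger.set(purse, initial);
    return purse;
  }
  return { makePurse };
}

// Scenario: Alice pays a merchant 30 via the merchant's deposit facet. The
// merchant never receives Alice's purse, and Alice never receives the
// merchant's, so neither can touch the other's funds; the total is preserved.
function runCapabilityScenario() {
  const mint = makeMint();
  const alice = mint.makePurse(100); // constructed sample balances
  const merchant = mint.makePurse(0);
  const payTo = merchant.getDepositFacet(); // all the merchant ever shares
  payTo.deposit(30, alice);
  let overdraw = false;
  try { payTo.deposit(100, alice); } catch (e) { overdraw = true; }
  let facetAsSource = false;
  try { alice.deposit(10, payTo); } catch (e) { facetAsSource = true; }
  return {
    alice: alice.getBalance(),
    merchant: merchant.getBalance(),
    total: alice.getBalance() + merchant.getBalance(),
    overdraw,       // the facet could not pull more than Alice had
    facetAsSource,  // the facet could not be used to drain the merchant
  };
}
```

In the capability version the audit question is structural: the only way to debit a purse is to hold it, so a reviewer checks which code paths the purse reference reaches, rather than which callers a global identity check admits.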
This kind of language is advantageous as well because the systems are easier to audit.
Currently, because there aren't many people that are fluent in smart contract languages like Solidity, security reviews are slow and expensive. But according to Tribble, that's not sustainable.
As such, the Agoric team has been working alongside a variety of academics to improve the auditing process, while noting that such methods won't be finalized until a little further down the line.
“We’ve got a lot to build,” Tribble said. “We’ve been working on this for a long time, and we’re just getting started.”
While the team is focused on building the language for developers right now, going forward, Agoric will release open-source toolkits that will allow developers to build in a variety of different environments. And those toolkits will help expand the team's own vision for smart contracts as well, whereby complex machine-human interactions over the Web can happen with ease.
Concluding, Tribble said: