The concept behind the Vyper Undertaking was to develop one thing that was designed on the language stage to naturally exhibit a excessive diploma of security. The challenge was initially authored by Vitalik as a proof-of-concept alternative for Serpent, its predecessor, however shortly after its creation Vyper discovered itself with out a devoted maintainer. Fortunately, there have been enthusiastic group members that took up the torch and continued growth of the challenge, and we (the EF Python Staff) turned re-involved within the challenge for a while earlier this yr.
This fall, a preliminary safety audit was carried out by the Consensys Diligence workforce on the Python-based Vyper compiler. You can read the results for yourself here.
We encourage you to learn the report, nonetheless, there are two foremost take-aways.
- There are a number of critical bugs within the Vyper compiler.
- The codebase has a excessive stage of technical debt which can make addressing these points complicated.
Because the current Python-based Vyper implementation just isn’t but manufacturing prepared, it has been moved out of the ethereum github group into its personal group: vyperlang. The prevailing maintainers are planning to deal with the problems independently as soon as once more, however we’ll proceed to observe the challenge carefully right here: > https://github.com/vyperlang/vyper
In the meantime, our workforce continues work on a Rust-based compiler in tandem. Extra on that under, however first, right here’s a bit extra on how we received to the place we’re immediately.
Over the course of this yr we labored with the challenge maintainers to deal with enhancing the code high quality and structure of the challenge. After just a few months of labor we had been skeptical that the python codebase was prone to ship on the concept Vyper promised. The codebase contained a major quantity of technical and architectural debt, and from our perspective it did not seem to be the prevailing maintainers had been targeted on fixing this.
Exploring Rust
Earlier this yr in August, we explored producing a model of the Vyper compiler constructed on basically totally different structure. The aim was to write down a compiler in Rust that leverages the prevailing work by the Solidity workforce and makes use of the YUL intermediate illustration to permit us to focus on EVM or EWASM throughout compilation. A Rust primarily based compiler could be simply compiled to WASM, making the compiler far more transportable than one primarily based in Python. By constructing on high of YUL we might get the EVM and EWASM compilation totally free, solely requiring the compiler to deal with the transformation from a Vyper AST to YUL.
We had been sufficiently far together with our Rust primarily based Vyper compiler when the Python Vyper audit was launched, and had been assured within the directionl. The audit confirmed many considerations across the python codebase and helped to validate the route we have taken.
The work continues
That mentioned, the maintainers of the Python Vyper codebase do intend to proceed with the challenge. Whereas we don’t plan to have continued involvement within the python codebase, we want them luck but additionally needed to make observe of current occasions to keep away from inadvertently signalling that the challenge was secure to make use of.
So at current there are at the moment two “Vyper” compilers: The EF-supported work in the direction of constructing a compiler written in Rust to ship on the unique concept of Vyper, and the Python effort which can work independently towards the identical objectives within the Python codebase. We’re hopeful that we are able to proceed working collectively in the direction of a single “Vyper” with a number of implementations, and we’ll hold everybody updated because the challenge strikes ahead.