Billions in Buggy Bitcoin Bindings
Having written (imperfectly) both software and contracts, I have been surprised by the enthusiasm for smart contracts. Adrian Colyer put this deliciously today:
I’m sure many readers of The Morning Paper are also relatively experienced programmers. So how does this challenge sound? I want you to write a program that has to run in a concurrent environment under Byzantine circumstances where any adversary can invoke your program with any arguments of their choosing. The environment in which your program executes (and hence any direct or indirect environmental dependencies) is also under adversary control. If you make a single exploitable mistake or oversight in the implementation, or even in the logical design of the program, then either you personally or perhaps the users of your program could lose a substantial amount of money. Where your program will run, there is no legal recourse if things go wrong. Oh, and once you release the first version of your program, you can never change it. It has to be right first time.
I don’t think there are many experienced programmers that would fancy taking on this challenge. But call it ‘writing a smart contract’ and programmers are lining up around the block to have a go! Most of them, it seems, get it wrong.
That's from Mr. Colyer's summary of the paper Zeus: Analyzing safety of smart contracts by Kalra, Goel, Dhawan, and Sharma (IBM Research India) at NDSS 2018. Kalra et al. found that almost 95% of the cryptocurrency contracts they examined (worth more than half a billion US$, though wait a few minutes and that will change) were buggy. Both the summary and the paper are worth reading.
Five days a week Mr. Colyer posts an incisive summary of a technical paper, a remarkable dedication to self-education and public education by a guy whose day job is venture capital. I've learned a lot from him, though I've occasionally found him a bit uncritically accepting of authors' assertions.