Conversation

Notices

1. Embed this notice
   silverpill (silverpill@mitra.social)'s status on Saturday, 21-Oct-2023 00:46:34 JST silverpill

   in reply to

   • Grey Area

   @greyarea Formal verification is interesting, but too complicated for me. I'm in favor of simple, immutable contracts, and thorough unit testing.
   DeFi apps are hacked all the time because they are insanely complicated, and their contracts are constantly replaced via "governance", so it's not possible for a user to properly review them.

   • Embed this notice
     Grey Area (greyarea@mitra.vpclmulqdq.moe)'s status on Saturday, 21-Oct-2023 00:46:35 JST Grey Area

     in reply to

     @silverpill

     You'll probably find the papers by the ConCert team (linked from the README) entertaining at a minimum, even if you don't care for formal methods or proof assistants.

   • Embed this notice
     Grey Area (greyarea@mitra.vpclmulqdq.moe)'s status on Saturday, 21-Oct-2023 00:46:36 JST Grey Area

     As an unsolicited opinion since smart contract languages came up in my feed, the whole "smart contract" concept is nice in theory but terrible in practice, because:

     - Regardless of language[1], people can't code their way out of a wet paper bag.
     - The testing/debugging/verification tooling is one of non-existent, shit,
     or complicated/exotic[2].
     - By it's very nature, errors lead to irreversible damage, and architectural changes that mitigate "programmer fucked up, sorry for your loss, have fun staying poor" go against the crypto ethos.

     I want my digital currency alternatives to be as stupid as possible, and as private as possible (which also is a losing battle due to politics, but that's another rant).

     [1]: Not even crab-lang can save your smart contract from developer errors. https://www.certik.com/resources/blog/1kDYgyBcisoD2EqiBpHE5l-wormhole-bridge-exploit-incident-analysis
     [2]: See https://github.com/AU-COBRA/ConCert for an example of tooling that should be mandatory.