Conversation

Notices

1. Embed this notice
   Hyolobrika (hyolobrika@social.fbxl.net)'s status on Sunday, 22-Sep-2024 13:12:28 JST Hyolobrika

   One important task of smart contracts, that has been largely overlooked by traditional EDI, is communicating the semantics of the transaction to the parties involved. There is ample opportunity in smart contracts for “smart fine print”: actions taken by the software hidden from a party to the transaction. For example, grocery store POS machines don’t tell customers whether or not their names are being linked to their purchases in a database. The clerks don’t even know, and they’ve processed thousands of such transactions under their noses. Thus, via hidden action of the software, the customer is giving away information they might consider valuable or confidential, but the contract has been drafted, and transaction has been designed, in such a way as to hide those important parts of that transaction from the customer.

   What the everloving fuck is this blatent disregard for honesty?!

   From Smart Contracts by Nick Szabo, the guy who originally invented the concept

   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 22-Sep-2024 13:12:26 JST feld

     in reply to
     @Hyolobrika you can try to hide and obfuscate stuff in smart contracts. But they can be decompiled and analyzed to see their true behavior.
     
     You can never be certain what's gonna happen when you interact with a contract. It doesn't have to tell you anything.
     Sick Sun likes this.
   • Embed this notice
     Hyolobrika (hyolobrika@social.fbxl.net)'s status on Sunday, 22-Sep-2024 13:12:27 JST Hyolobrika

     in reply to

     • Sick Sun
     cc: @sun
   • Embed this notice
     Hyolobrika (hyolobrika@social.fbxl.net)'s status on Sunday, 22-Sep-2024 13:12:27 JST Hyolobrika

     in reply to
     To crypto's credit though, AFAIK most smart contract chains don't allow that (or, at least, not Ethereum).
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Sunday, 22-Sep-2024 13:13:25 JST Sick Sun

     in reply to

     • feld
     @feld @Hyolobrika Yeah, it's all public but that doesn't mean it's easy.
   • Embed this notice
     Fediverse Contractor (bot@seal.cafe)'s status on Sunday, 22-Sep-2024 13:16:48 JST Fediverse Contractor

     in reply to

     • Sick Sun
     • feld
     You being mean to me is also public
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 22-Sep-2024 13:24:08 JST feld

     in reply to
     @Hyolobrika the language is limited and you can decompile it. Tools like IDA have to deal with way more complicated stuff.
     
     AIUI You can get almost identical code back out but without the variable names and comments etc obviously
     
     https://jbecker.dev/research/diving-into-decompilation
   • Embed this notice
     Hyolobrika (hyolobrika@social.fbxl.net)'s status on Sunday, 22-Sep-2024 13:24:09 JST Hyolobrika

     in reply to

     • feld
     True. They are compiled, and releasing the source code is not a given. How many contracts do that? Do any use reproducible builds?
   • Embed this notice
     feld (feld@friedcheese.us)'s status on Sunday, 22-Sep-2024 13:25:18 JST feld

     in reply to
     @Hyolobrika 99% sure that reproducible builds are a given with the EVM. A contract always has to compile and produce the same hash otherwise it's hard to verify it, right?
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Sunday, 22-Sep-2024 15:59:16 JST Sick Sun

     in reply to

     • feld
     @feld @Hyolobrika Yes, Solidity compiler is deterministic builds, within the same version number. So, if you look on Etherscan like Harblinger mentions, you will notice that it lists the exact solc compiler version and settings. When you upload the contract code you have to include the compiler version and settings.
   • Embed this notice
     Hyolobrika (hyolobrika@social.fbxl.net)'s status on Sunday, 22-Sep-2024 16:09:00 JST Hyolobrika

     in reply to

     • Sick Sun
     • feld
     Nvm. I found it.
     Sick Sun likes this.
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Sunday, 22-Sep-2024 16:20:20 JST Sick Sun

     in reply to

     • feld
     @Hyolobrika @feld you may be interested to know that a different chain, Arbitrum, has smart contracts that run on a WASM engine. That is better in a lot of ways but also makes it harder to verify contracts since a lot more languages can compile to it but don't have deterministic builds.
   • Embed this notice
     Sick Sun (sun@shitposter.world)'s status on Sunday, 22-Sep-2024 16:32:41 JST Sick Sun

     in reply to

     • feld
     @Hyolobrika @feld yeah the main language being pitched for wasm smart contracts is Rust!
   • Embed this notice
     Hyolobrika (hyolobrika@social.fbxl.net)'s status on Sunday, 22-Sep-2024 16:32:42 JST Hyolobrika

     in reply to

     • Sick Sun
     • feld

     Freenet, which is not cryptocurrency but is conceptually similar to Ethereum, also uses WASM (currently just with Rust, which the core program is also written in)