The concept behind the Vyper Mission was to develop one thing that was designed on the language degree to naturally exhibit a excessive diploma of security. The mission was initially authored by Vitalik as a proof-of-concept alternative for Serpent, its predecessor, however shortly after its creation Vyper discovered itself with no devoted maintainer. Fortunately, there have been enthusiastic neighborhood members that took up the torch and continued improvement of the mission, and we (the EF Python Workforce) grew to become re-involved within the mission for a while earlier this 12 months.
This fall, a preliminary safety audit was carried out by the Consensys Diligence staff on the Python-based Vyper compiler. You’ll be able to learn the outcomes for your self right here.
We encourage you to learn the report, nevertheless, there are two essential take-aways.
- There are a number of critical bugs within the Vyper compiler.
- The codebase has a excessive degree of technical debt which is able to make addressing these points complicated.
Because the present Python-based Vyper implementation is just not but manufacturing prepared, it has been moved out of the ethereum github group into its personal group: vyperlang. The present maintainers are planning to deal with the problems independently as soon as once more, however we’ll proceed to comply with the mission carefully right here: > https://github.com/vyperlang/vyper
In the meantime, our staff continues work on a Rust-based compiler in tandem. Extra on that under, however first, right here’s a bit extra on how we received to the place we’re at present.
Over the course of this 12 months we labored with the mission maintainers to give attention to enhancing the code high quality and structure of the mission. After just a few months of labor we have been skeptical that the python codebase was more likely to ship on the concept Vyper promised. The codebase contained a big quantity of technical and architectural debt, and from our perspective it did not appear to be the prevailing maintainers have been targeted on fixing this.
Exploring Rust
Earlier this 12 months in August, we explored producing a model of the Vyper compiler constructed on basically completely different structure. The objective was to put in writing a compiler in Rust that leverages the prevailing work by the Solidity staff and makes use of the YUL intermediate illustration to permit us to focus on EVM or EWASM throughout compilation. A Rust primarily based compiler will be simply compiled to WASM, making the compiler far more transportable than one primarily based in Python. By constructing on prime of YUL we might get the EVM and EWASM compilation at no cost, solely requiring the compiler to deal with the transformation from a Vyper AST to YUL.
We have been sufficiently far together with our Rust primarily based Vyper compiler when the Python Vyper audit was launched, and have been assured within the directionl. The audit confirmed many considerations across the python codebase and helped to validate the course we have taken.
The work continues
That mentioned, the maintainers of the Python Vyper codebase do intend to proceed with the mission. Whereas we don’t plan to have continued involvement within the python codebase, we want them luck but additionally needed to make notice of current occasions to keep away from inadvertently signalling that the mission was secure to make use of.
So at current there are at present two “Vyper” compilers: The EF-supported work in direction of constructing a compiler written in Rust to ship on the unique concept of Vyper, and the Python effort which is able to work independently towards the identical targets within the Python codebase. We’re hopeful that we will proceed working collectively in direction of a single “Vyper” with a number of implementations, and we’ll hold everybody updated because the mission strikes ahead.
