undefined | Better HN

0 pointsDennisP9y ago0 comments

Disclaimer: I write and audit Solidity for a living.

The max-callstack issue isn't a problem anymore due to a change in the EVM.

TheDAO was hit with a reentrant call. It's pretty easy to avoid that class of bugs by either (1) putting any external calls (including ether transfers) after all state changes, or (2) using address.send instead of address.call.value. Also, TheDAO was a very convoluted contract; better coding practices help a lot. Any contract that's at all hard to understand is a huge red flag for me.

Solidity may not be a perfect language but it's rapidly improving, statically typed, and has a set of best practices which are fairly well known at this point. The current alternatives aren't nearly as well tested or reviewed, and don't have clear advantages anyway.

There are various experimental projects for more advanced functional-style languages but they're not ready yet. There's also someone at the Foundation working full-time on formal proof systems.

0 comments

seagreen9y ago

Thanks for the info. Glad this stuff is being taken seriously by the core part of the community.

monkmartinez9y ago

Are you paid in Eth or some other form of currency?

DennisPOP9y ago

I'm paid a salary in fiat but the company I work for prefers payment in ETH, with Bitcoin its second choice, and our clients are generally happy with that.

j / k navigate · click thread line to collapse