Vyper: A Security Comparison with Solidity Based on Common Vulnerabilities

Vyper has been proposed as a new high-level language for Ethereum smart contract development due to numerous security vulnerabilities and attacks witnessed on contracts written in Solidity since the system’s inception. Vyper aims to address these vulnerabilities by providing a language that focuses on simplicity, auditability and security. We present a survey where we study how well-known and commonly-encountered vulnerabilities in Solidity feature in Vyper’s development environment. We analyze all such vulnerabilities individually and classify them into five groups based on their status in Vyper. To the best of our knowledge, our survey is the first attempt to study security vulnerabilities in Vyper.

[1]  Prateek Saxena,et al.  Making Smart Contracts Smarter , 2016, IACR Cryptol. ePrint Arch..

[2]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[3]  Vincent Gramoli,et al.  Vandal: A Scalable Security Analysis Framework for Smart Contracts , 2018, ArXiv.

[4]  William J. Knottenbelt,et al.  Towards Safer Smart Contracts: A Survey of Languages and Verification Methods , 2018, ArXiv.

[5]  Huashan Chen,et al.  A Survey on Ethereum Systems Security , 2019, ACM Comput. Surv..

[6]  Massimo Bartoletti,et al.  A Survey of Attacks on Ethereum Smart Contracts (SoK) , 2017, POST.

[7]  Aron Laszka,et al.  Designing Secure Ethereum Smart Contracts: A Finite State Machine Based Approach , 2017, Financial Cryptography.

[8]  Jing Liu,et al.  A Survey on Security Verification of Blockchain Smart Contracts , 2019, IEEE Access.

[9]  Prateek Saxena,et al.  Finding The Greedy, Prodigal, and Suicidal Contracts at Scale , 2018, ACSAC.

[10]  Petar Tsankov,et al.  Securify: Practical Security Analysis of Smart Contracts , 2018, CCS.

[11]  Abhishek Dubey,et al.  VeriSolid: Correct-by-Design Smart Contracts for Ethereum , 2019, Financial Cryptography.

[12]  Aron Laszka,et al.  Verified Development and Deployment of Multiple Interacting Smart Contracts with VeriSolid , 2020, 2020 IEEE International Conference on Blockchain and Cryptocurrency (ICBC).

[13]  Vladimir Korkhov,et al.  Evaluation of Tools for Analyzing Smart Contracts in Distributed Ledger Technologies , 2019, ICCSA.

[14]  Nick Szabo,et al.  Formalizing and Securing Relationships on Public Networks , 1997, First Monday.

[15]  Gernot Salzer,et al.  A Survey of Tools for Analyzing Ethereum Smart Contracts , 2019, 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON).

[16]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[17]  Ali Dehghantanha,et al.  Empirical Vulnerability Analysis of Automated Smart Contracts Security Testing on Blockchains , 2018, CASCON.

[18]  Vitalik Buterin A NEXT GENERATION SMART CONTRACT & DECENTRALIZED APPLICATION PLATFORM , 2015 .