The thought behind the Viper challenge was to develop one thing that was inherently designed on the language stage to exhibit a excessive diploma of safety. The challenge was initially penned by Vitalik as a proof-of-concept substitute for his predecessor Serpent, however Viper discovered itself with out a devoted maintainer shortly after its creation. Fortuitously, there have been enthusiastic group members who picked up the torch and continued to develop the challenge, and we (the EF Python staff) briefly rejoined the challenge earlier this yr.
This fall, a preliminary safety audit was performed by the ConsenSys due diligence staff on the Python-based Viper compiler. You may learn the outcomes for your self right here,
We encourage you to learn the report, nevertheless, because it accommodates two essential findings.
- There are a number of severe bugs within the Viper compiler.
- The codebase has a excessive stage of technical debt which can make addressing these points difficult.
Because the current Python-based Viper implementation is just not but prepared for manufacturing, it has been moved from the Ethereum Github group to its personal group: Viperlang. The present maintainers plan to as soon as once more tackle the problems independently, however we’ll proceed to comply with the challenge intently right here: > https://github.com/vyperlang/vyper
Within the meantime, our staff continues to work on a Rust-based compiler. Extra about that under, however first, here is a bit extra about how we obtained to the place we’re immediately.
Throughout this yr we labored with the challenge maintainers to concentrate on bettering the challenge’s code high quality and structure. After just a few months of labor, we doubted that the Python codebase was prone to ship on the concept Wyper promised. The codebase contained a big quantity of technical and architectural debt, and from our perspective it did not seem like the present maintainers have been centered on fixing it.
rust discovery
Earlier this yr in August, we explored constructing a model of the Viper compiler constructed on a essentially totally different structure. The objective was to jot down a compiler in Rust that leverages current work by the Solidity staff and makes use of the YUL intermediate illustration to permit us to focus on EVM or eWASM throughout compilation. Rust based mostly compilers will be simply compiled into WASM, making the compiler extra moveable than Python based mostly compilers. By constructing on prime of YUL we might get EVM and EWASM compilation without cost, solely the compiler would wish to deal with the transformation from Viper AST to YUL. When Python Viper Audit was launched we have been fairly far together with our Rust based mostly Viper compiler, and have been assured within the course. The audit confirmed a number of considerations across the Python codebase and helped validate the course we’re taking.
work in progress
That mentioned, the maintainers of the Python Viper codebase intend to proceed with the challenge. Whereas we don’t plan for continued participation within the Python codebase, we want them the very best of luck but in addition need to word latest occasions in order to not inadvertently sign that the challenge is protected to make use of.
So there are presently two “Viper” compilers: EF-supported work in the direction of constructing a compiler written in Rust to ship Viper’s core thought, and a Python effort that can work independently in the direction of the identical objectives within the Python codebase. We hope we are able to proceed to work collectively in the direction of a single “Viper” with a number of implementations, and can hold everybody up to date because the challenge progresses.