In the previous article, we drew readers' attention to one feature of the Giant blockchain: the system code update. We mentioned that our blockchain replicates Ethereum's technology solutions and also offers new features such as:
For smart contract implementation, we have chosen JavaScript. Why JavaScript? Let's try to figure it out.
Obviously, no existing programming language meets all of a programmer's needs. Each language has its pros and cons. However, JavaScript turned out to be the best solution in our situation. Let's try to explain why.
In the article «A survey of attacks on Ethereum smart contracts» [1], Atzei et al., touching on the security issues of Ethereum smart contracts, write the following: «There are several reasons which make the implementation of smart contracts particularly prone to errors in Ethereum. A significant part of them is related to Solidity, the high-level programming language supported by Ethereum. Many vulnerabilities seem to be caused by a misalignment between the semantics of Solidity and the intuition of programmers. The problem is that Solidity, whilst looking like a typed Javascript-like language (with exceptions and functions), implements some of these features in a peculiar way. At the same time, the language does not introduce constructs to deal with domain-specific aspects, like e.g. the fact that computation steps are recorded on a public blockchain, wherein they can be unpredictably reordered or delayed». From this excerpt, it becomes clear that the main security issues of smart contracts come from Solidity. But what kind of «features» put at risk the security of platforms and of users who write smart contracts on the Ethereum blockchain? Let's try to find out.
Below we list some of the problems and features of the Solidity language that can threaten the security of the platform:
And this is not a complete list of the Solidity vulnerabilities that have led, and quite possibly will lead, to the loss of funds of users of Ethereum smart contracts.
The largest incident in monetary terms happened to the DAO platform, a Decentralized Autonomous Organization, which was hit by a vulnerability called reentrancy. In June 2016, a hacker took advantage of the vulnerability in the DAO smart contracts and moved more than 3.6 mln ether to his account, which at the exchange rate of that time was equivalent to about $50 mln [7]. The developers of the platform tried to fix the problem as quickly as possible, but they failed to do so because of the clumsiness of Solidity. This incident hit the DAO hard, and at the end of 2016 the Kraken and Poloniex cryptocurrency exchanges removed the DAO from trading [8].
In the most recent case, which occurred in July 2018, a vulnerability in code written in Solidity led to the theft of about $23.5 million from Bancor, a decentralized exchange [9].
In conclusion, we would like to quote Martin Holst Swende, a security lead at the Ethereum Foundation, who once commented on the security of the Ethereum space: «This is Disneyland for hackers».
C# and C++ are complex languages for writing smart contracts and are therefore hard for many developers to pick up. Each of them has its pros and cons. For example, C# is preferable for quickly producing a prototype. It is more convenient in the early stages of a project because of the high speed of development. However, once you have created the infrastructure, chosen the libraries, and set up the build, it doesn't matter which language you use: the speed of development will be about the same. Let's review C# and C++ on some other parameters:
Obviously, JavaScript is preferable to C# and C++ for writing smart contracts, as these languages are much more complicated. Although this complexity provides additional flexibility, it costs the developer time.
We offer the implementation of «smart contracts» in JavaScript (ES6 standard). We use this programming language because it provides maximum opportunities for solving all kinds of problems. JS is flexible, which means that you can apply more than one programming pattern to specific conditions. In addition, JavaScript opens up a huge number of ready-made libraries and frameworks that simplify code writing.
You can apply JavaScript in many areas and develop different kinds of applications. Thanks to NodeJS and web frameworks, it has a large community. Being convenient and easy to use, the JS programming language makes the development of smart contracts accessible to everyone.
The Giant blockchain runs JavaScript of the ECMAScript 6 standard using the V8 JS engine (Chrome), version 6.6.
Each smart contract has an address; in other words, it has its own balance and can accept payments. The core implementation of the contract class provides the core capabilities of a smart contract, both for accepting transactions where the current smart contract acts as the recipient and for sending transactions where the sender is the current smart contract.
The simplest Giant smart contract with one field and a setter/getter looks as follows:
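    'use strict'

    import Contract from 'GiantContract'

    // Minimal contract: one stored field with a setter and a getter.
    export default class SimpleContract extends Contract {
        constructor(text = 'Hello world!') {
            // A derived class must call super() before touching `this`;
            // otherwise the constructor throws a ReferenceError.
            super()
            this.text = text
        }

        // Overwrite the stored text.
        setText(text) {
            this.text = text
        }

        // Read the stored text.
        getText() {
            return this.text
        }
    }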
Smart contracts often operate with a lot of money, meaning that the security requirements in this area are high. Hence, a mandatory part of the development of a smart contract is testing.
Tests in Giant. JavaScript makes it easy to replace any entity and to simulate its behavior. The blockchain and the virtual machine are loosely coupled, so it is easy to integrate Giant directly with any Integrated Development Environment (IDE) and to provide a test environment compatible with the execution environment of this blockchain. As a result, unit and integration tests for Giant smart contracts are easy to write using JavaScript code testing schemes.
Tests in Ethereum. Because Ethereum smart contracts cannot be modified after they are launched into the network, developers need to be very careful when testing them. Testing is important to ensure that the contract behaves in the network as intended, and also to identify the contract's bugs, vulnerabilities, and risks. There are many tools available for testing Ethereum contracts, for example, Truffle, Dapple, EmbarkJS, etc.
In general, the principles of Giant and Ethereum testing are similar, except that the Solidity test environment is a combination of the Solidity and JavaScript languages, while the Giant environment is unified and uses only JavaScript.
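A sketch of such a unit test, added here as an illustration and not taken from the Giant project: the platform's GiantContract base class is replaced by a hypothetical stand-in (FakeContract), the contract is bound to it through a hypothetical factory (makeSimpleContract), and the cases also cover a derived constructor that omits super(). All names other than SimpleContract, setText and getText are assumptions.

```javascript
// Hypothetical stand-in for 'GiantContract'; its real API is not shown in the article.
class FakeContract {
  constructor() { this.balance = 0 }
}

// Binding the contract to an injected base class is the "replace any entity" step.
const makeSimpleContract = (Base) => class SimpleContract extends Base {
  constructor(text = 'Hello world!') {
    super() // required before `this` is touched in a derived class
    this.text = text
  }
  setText(text) { this.text = text }
  getText() { return this.text }
}

// Failure mode worth a regression test: a derived constructor that omits super().
const makeBrokenContract = (Base) => class BrokenContract extends Base {
  constructor(text) { this.text = text }
}

// Runs every case and returns { caseName: true|false } instead of throwing.
function runContractTests(Base = FakeContract) {
  const SimpleContract = makeSimpleContract(Base)
  const cases = {
    defaultText: () => new SimpleContract().getText() === 'Hello world!',
    setterUpdatesState: () => {
      const c = new SimpleContract('a')
      c.setText('b')
      return c.getText() === 'b'
    },
    instancesAreIsolated: () => {
      const a = new SimpleContract('a')
      const b = new SimpleContract('b')
      a.setText('changed')
      return b.getText() === 'b'
    },
    baseStateInitialised: () => new SimpleContract().balance === 0,
    missingSuperRejected: () => {
      try { new (makeBrokenContract(Base))('x'); return false } catch (e) { return e instanceof ReferenceError }
    }
  }
  const results = {}
  for (const [name, run] of Object.entries(cases)) {
    try { results[name] = run() === true } catch (e) { results[name] = false }
  }
  return results
}

console.log(runContractTests())
```

Passing a different base class to runContractTests reruns the same cases against another simulated environment.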
The original article can be found at: https://giantpay.network/pages/javascript-in-the-code-of-smart-contracts