Can someone give me a good use case (even better if you're doing it yourself) for a smart contract?<p>What is anyone doing with them that they find really handy?<p>I've never been able to understand how it gets used / why you would use smart contracts. I've googled and read... still don't grok it.<p>I've seen so many "benefits" listed, but none make sense to me as far as the process you go through and how it works out in the end. Often it's described as a magic thing that eliminates the use of "intermediaries" and so on. I suppose that is true, but you only get to that by going through all the complexity of making sure someone writes a good contract / getting folks from the outside to review and validate it and so on. I'm not sure that saved a lot in the end.<p>Much like most things blockchain, I find these ideas (not bad ones) and then the practical usage ... much less than ideal.
Smart contracts are fundamentally a business technology where money is hosted & manipulated natively on the platform.
This is pretty awesome & could be very disruptive.<p>The problem is, at least in ecosystems such as Ethereum, you have a single line of defense: your smart contract code. And that code is written in a poor language with very few security features.<p>Worse, if something goes wrong you can maybe pause or suicide your contract before your money is gone (which goes against the very principle of the platform), or if you are lucky & worked very hard on this you might have the chance to upgrade your contract.<p>The result is that any contract being used seriously needs to go through a long & very expensive audit by one of the few serious companies in this field.<p>For now the Ethereum project has been very focused on solving the scalability & decentralization problem, but my guess is that without big progress on the smart contract security & developer experience front no serious actor will ever consider adopting the platform.
Every time I hear about another massive hack on Ethereum, I feel a little bit sad that I didn't specialize in software security. For many years there were huge amounts of free cash just sitting on a table waiting to be taken, a victimless crime (VCs and cryptobros are not victims, everyone is playing the same game).<p>I expect the low-hanging fruit has gone now. And setting up spear-phishing attacks to scam teenagers out of their NFTs doesn't seem as noble (or as profitable).
I appreciate how well organized the Consensys guide is. It's pretty easy to read. Trail of Bits has a similar guide that is a little more in-the-weeds technically. It also covers what we think is essential background about certain automated analysis techniques like static analysis and how fuzzers work. Check it out!<p><a href="https://secure-contracts.com/" rel="nofollow noreferrer">https://secure-contracts.com/</a>
Beyond the hype, my organization finds that smart contracts are a good area for research in software security methods such as static and dynamic analysis. The reason is that smart contracts are very small compared to general codebases and have a lot of real risks linked to money.<p>For example, here [1] the thesis is that when TVL rises, the probability of being hacked also rises, which means that at some point there is no budget that can scale to protect your TVL.<p>[1] <a href="https://bittrap.com/resources/defis-growing-pains:-as-tvl-raises-so-does-the-probability-of-being-hacked" rel="nofollow noreferrer">https://bittrap.com/resources/defis-growing-pains:-as-tvl-ra...</a>
Has anyone tried Vyper instead of Solidity, and if so, does it help mitigate any of these security issues? I haven’t tried it because audited libraries are critical to smart contract development and I don’t know of any decent ones outside of Solidity.