Moving Over to Vyper

Lendroid is one of the first projects to completely switch to Vyper, with fully audited smart contracts.

The Ethereum Foundation, in the fourth wave of its grants, lists Vyper development and Vyper auditing in its wishlist. That the foundation likes a particular language is usually a good enough reason for most developers to jump ship, but coders’ struggles with Solidity — also championed by Ethereum — meant that Vyper had to work harder to endear itself to us. And it did!

On the blockchain, where gas is dear and threats abound, there are really only two boxes that a smart contract needs to check to pass muster -

1. It must be light and as simple as possible
2. It must be secure

Easier said than done.

A freshly deployed loan contract, for instance, can guzzle up to 4 million in gas. Granted, we can take to recycling contracts to cut costs, but this is far from ideal. The security concerns with Solidity are another matter. It is a beloved language, painstakingly worked on by committed developers, but the toll, some would say, has been heavy. Over the last few years, a rash of attack vectors have been identified and the remedies have mostly been post facto, from the DAO onwards.

Vyper is optimized, according to the GitHub page, for security, language and compiler simplicity, and auditability. We found we were in agreement with this. We began playing with Vyper to bolster ReloanR, a secondary market for DAI. It clicked and now we have decided to completely shift to Vyper as our primary smart contract language. For us, Vyper seems like a pragmatic way forward. It is a happy feeling to realize that Lendroid is among the first in the space to switch to Vyper, and we are thrilled about this journey.

Here are some highlights so far.

1. No more cross contract calls

While most frameworks and their cousins move towards modular designs, Vyper can be fascinatingly monolithic. Counter-intuitive as it might seem, Vyper owes much of its robustness because of its monolithic architecture.

Imagine a single contract that does everything — including loan kernel creation, fill, top up, position validation, cancel and close. It also takes care of filling in the token allowance at the outset.

In effect, this does away with the need for cross-contract calls and all allied security implications. That’s not all. The flow of the loan process becomes linear and logical when it’s all bundled within a single contract.

2. Minimizing unknown unknowns

We really don’t know where an attack vector can pop up from, can we. The best we can do is to minimize vulnerabilities and Vyper is by far the most secure we’ve seen. While we’ll slowly modularize the architecture in subsequent versions, this monolithic framework seems the most secure right now.

Fewer cross contract calls mean fewer attack vectors. An inherently lean style means a tighter code base and therefore, fewer attack vectors.

Smart contract programming is not to be taken for granted, and the shift to a more air-tight environment in Vyper only makes sense.

3. Faster, lighter, better

Efficiency has been a very welcome core feature of this language. Consider this. In the solidity version of ReloanR, a loan contract would require a healthy 1.7 million gas when deployed. This was still only half of what a loan process would guzzle in other lending protocols, but the level of consumption is hardly sustainable.

With Vyper, a loan contract would consume around 800k or less in gas. That is a radical improvement in efficiency. And there’s still a way to go. We believe the contract can be optimized much more and we shall do so, in subsequent updates.

We have also been able to infuse a few nifty advantages to the contracts — like a locking mechanism, for instance. Say a loan is falling below the margin level. The wrangler is within his rights to liquidate it. But he can’t; the loan position would be locked if the borrower chooses to top up the collateral. Cool, innit?

As version 1 of the Protocol gets ready

In the two or three-year history of smart contracts, there has been so much progress, and so many risks and much uncertainty. Our aim has been to not just survive uncertainty, but to thrive in it. We see this shift to Vyper as a definitive step in that direction.We are and will remain a non-rent-seeking, open protocol. As we get the smart contract audited, feel free to have a look at the Vyper code here : https://github.com/lendroidproject/protocol.1.0/blob/master/contracts/protocol.v.py

Over the next few days, we will also release an updated version of ReloanR. Something to look forward to!