Security in script

Hey guys

I read a little about Ethereum (only so much), sounds like a good idea.

One question came to mind however. If a "Contract" can contain its own memory and executable code, is there going to be a security issue? I could imagine someone writing a virus inside a contract, for example. I'm guessing that the code in a contract would be executed by all network participants. Therefore there's going to be a need to lock-down the scripting language, right?

Please clarify, maybe I'm misunderstanding it!

Comments

  • chris613chris613 Member Posts: 93 ✭✭
    Put simply, yes, security is a concern. The most basic things are covered, for example the scripting language has no i/o type operations except to read the current block data, current transaction data, and the contract storage of itself and other contracts, so it is much less powerful to affect the executing host than something like java, javascript, flash, native code, etc. On the other hand experience has shown that it is often possible to make interpreters do things that were not intended. By matter of comparison I think it's fair to say that making ethereum's script interpreter secure will be significantly harder than making bitcoin's script interpreter secure, and especially to match the security of the further stripped down version that bitcoin currently supports in practice.
Sign In or Register to comment.