End user validation of Ethereum contracts.

I just saw Jeffrey Wilcke’s google hang out. it was helpful. i'm starting to wrap my head around this.

What i'm wondering is: how will end users or participants in a contract be able to know and verify what a contract does before they "invest"?

They would need to either:

a) trust a description of what the contract does. this would be some kind of flow chart of what a contract does?

or b) audit the contract code themselves to check that it does what it says.

I guess if a contract is simple and lots of people use it, then trust will be established and hence people will start to invest in it.

I would like to develop an ethereum DAO, but this would probably require quite a complex contract. there would be potential for bad code to cause issues with the operation or fairness of the DAO.

Alternatively, for something like a distributed drop box, the risk to end users caused by errors in the etherum code would be minimal, so this may be a better use case.

Anyway, just thinking out loud here....

Comments

  • UnsoundUnsound San DiegoMember Posts: 6
    People will have to trust the contracts they enter into by either understanding the contract or having a trusted 3rd party analyze the contract and confirm it does what the user wants. Are there any contract analyzer projects currently being worked on?
  • mids106mids106 Member Posts: 188 ✭✭✭
    edited March 2014
    The ecosystem for this will need to be developed. Contract compilation is deterministic, if someone publishes the HLL / LLL source code you can verify that it compiles down to the same ES bytecode as the one in the given contract location (which is hardcoded in the client application).

    To be able to audit contracts, reuse of functions (closures) is encouraged, something possible with the POC 3.5 changes. Contract development naturally has to be very open source, social and transparant. We'll see distributed GitHub solutions, decentralized reputation systems and whole new range of professions like Smart Contract Auditor, Contrast Penetration Tester and Reverend of the Church of Vitalik.

    Does any of this exists? No, not yet. Ready Player One
  • tom9000tom9000 Member Posts: 2
    Thanks guys, good answers. I will keep thinking about my DAO.
  • JasperJasper Eindhoven, the NetherlandsMember Posts: 514 ✭✭✭
    What is a 'Contrast Penetration Tester'?

    Also, i wonder if there is a way to use contracts to do contracts testing.. Somehow a contract would have behavior descriptions(or just one), and people bet on them. If they can prove it doesnt follow some of the descriptions, they get a portion of that bet, and rest to ones that follow more general descriptions.(if possible, the more specific the alternate description, the bigger fraction they get. The descript 'it can do anything' is the vaguest one for instance) That said, no idea how to do it, and it probably over-technologizes, but still interesting to think about.
Sign In or Register to comment.