The idea behind the Vyper Project was to develop something that was designed at the language level to naturally exhibit a high degree of safety. The project was originally authored by Vitalik as a proof-of-concept replacement for Serpent, its predecessor, but shortly after its creation Vyper found itself without a dedicated maintainer. Luckily, there were enthusiastic community members that took up the torch and continued development of the project, and we (the EF Python Team) became re-involved in the project for some time earlier this year.
This fall, a preliminary security audit was performed by the Consensys Diligence team on the Python-based Vyper compiler. You can read the results for yourself here.
We encourage you to read the report, however, there are two main take-aways.
- There are multiple serious bugs in the Vyper compiler.
- The codebase has a high level of technical debt which will make addressing these issues complex.
Since the existing Python-based Vyper implementation is not yet production ready, it has been moved out of the ethereum github organization into its own organization: vyperlang. The existing maintainers are planning to address the issues independently once again, but we will continue to follow the project closely here: > https://github.com/vyperlang/vyper
Meanwhile, our team continues work on a Rust-based compiler in tandem. More on that below, but first, here’s a bit more on how we got to where we are today.
Over the course of this year we worked with the project maintainers to focus on improving the code quality and architecture of the project. After a few months of work we were skeptical that the python codebase was likely to deliver on the idea that Vyper promised. The codebase contained a significant amount of technical and architectural debt, and from our perspective it didn’t seem like the existing maintainers were focused on fixing this.
Earlier this year in August, we explored producing a version of the…