[drdeca]

Afaik, no, proofs of correctness are not currently implemented in the languages that are used. Some of them iirc have a way to do that in part, but currently the languages aren't set up for full proofs of correctness. (But, iirc, some things can be shown)

It is planned though.

Ok, yes, I suppose that the contracts will/would eventually get kind of long. As it is now though, It hasn't taken me /all/ that long to read the contracts I've looked at. (But perhaps I've only bothered to look at the ones short enough to read )

Regarding finding security flaws despite people looking carefully: yes, that seems a good point. I think proofs of correctness will be important for important contracts. However, many contracts logic is not really all that complicated. A contract can be powerful without being complicated, I think. Because of this, I think much of the time the proofs should not be too hard to write.

Regarding running out of gas:

Well, yes, if the transaction you send does not have enough gas, and you needed it to run, that could be a problem. But, if you run the transaction locally, and use that to estimate the amount of gas which needs to be used (might not be exact if the state of the contract changes in a way that your transaction needs more computation, but for reasonable contracts I think this would not be much), and one can provide extra gas in case this happens (the extra gas will be refunded), to have a high confidence that it will be enough.

But, if the transaction is important, one would be watching what happened carefully anyway, to make sure the transaction gets in the chain, regardless of the complications from the computations in the transaction. If, counter to your expectations, the gas you provided did not end up being enough, then you would be able to notice this, and, though you would be out that gas cost, you could just send the transaction again with more gas.

The block times are very short (under a minute), so you probably wouldn't have to wait long to send the transaction again with more gas. Most of the gas costs shouldn't be too large, so unless the transaction you are sending is very time sensitive, or very computationally expensive, a transaction running out of gas shouldn't be /too/ much of a problem?

I think you make some good points btw, just explaining my understanding of how those things are addressed.

Also, I'm not sure, but it seems you might have a small confusion about gas. Gas is included in the transaction, not stored by a contract over time. Gas only exists within the context of a particular transaction, the token which is actually exchanged is ether. You might have just been choosing not to mention the details of that though.

[nivertech]

I think @mannykannot misunderstands the purpose of gas in Ethereum. It's only purpose is a solution to the Halting Problem [1]. Alternative solution could be disallowing jumps backwards / loops or limiting time of the computation.

Why is it the problem? Because contract with something like while(1){}; will render the entire network of nodes useless.

1. https://en.m.wikipedia.org/wiki/Halting_problem

[mannykannot]

I am well aware of the purpose of gas. What I have not seen is any argument (from @drdeca or anyone else) that gas materially simplifies the problem of verifying that a contract behaves properly (from your perspective, as one of the parties to the contract) in all circumstances. The fact that it will always halt is only a tiny step along that road, and if it halts as a result of running out of gas, that is strong evidence that it has not worked as intended.

An example may be useful. Suppose I tell you that I have written an Ethereum contract whereby people can loan me money, and after a year, I will pay them back double. Before you enter into one such contract with me, I hope it would cross your mind to wonder if I might actually be running a Ponzi scheme. Don't worry, I say, Ethereum has this gas feature that means the transaction will always halt. How much more confident should that information make you feel?

As for your alternatives, gas is essentially the same as limiting the time of computation. If backwards jumps were disallowed, the language would not be even approximately Turing-equivalent.

[nivertech]

1. Gas mechanism has nothing to do with tamper-proofing transactions, thats what blockchain (or more correctly hashchain) is for.

2. There are Turing-complete languages which only allow loops with known number of iterations.

3. Check my presentation, If you want to understand Ethereum programming model:

http://www.slideshare.net/mobile/nivertech/ethereum-vm-and-d...

IMO Ethereum is just a first step in the right direction, the real solution will need to be much more scalable.

[mannykannot]

> 1. Gas mechanism has nothing to do with tamper-proofing transactions, thats what blockchain (or more correctly hashchain) is for.

I am not sure why you are mentioning this here, but if this is what you think I am misunderstanding about gas, perhaps you could point out where you think I made this mistake.

>2. There are Turing-complete languages which only allow loops with known number of iterations.

You did not originally write "loops with known number of iterations", you wrote "disallowing jumps backwards / loops".

> 3. Check my presentation, If you want to understand Ethereum programming model.

Based on your contributions to this thread so far, I am not very confident that I will find my specific question addressed, but if you give me a specific slide number to start at, I will give it a look.

BTW, do you have an answer to the question I posed in the second paragraph of my previous post?

[nivertech]

An example may be useful. Suppose I tell you that I have written an Ethereum contract whereby people can loan me money, and after a year, I will pay them back double. Before you enter into one such contract with me, I hope it would cross your mind to wonder if I might actually be running a Ponzi scheme. Don't worry, I say, Ethereum has this gas feature that means the transaction will always halt. How much more confident should that information make you feel?

Again, it has nothing to do with gas. You just need to review/audit the contract's source and EVM code and be sure it doesn't have backdoors.

For simplicity, you can think about Ethereum Transaction as an RPC call to Ethereum contract, where in addition to arguments (Data), you can also transfer a monetary value (in Ether) and provide fuel (Gas) for contract execution. Gas price (in Ethers) serves the same function as Bitcoin Tx fee.

Gas mechanism is just an implementation detail.

EDIT:

Regarding the contract example you mentioned "unsecured loan", I'm not sure it can be implemented as a "Self-enforcing contract", which is a proper term for "Smart Contracts". If a contract depends on your will or ability of repaying the loan, then it's not a self-enforcing contract. Somebody need to provide a collateral. It doesn't make sense for you to put up a 1001 Ether collateral to take 1000 Ether loan.

With smart property represented on the Blockchain you will be able to put up your car or apartment as a collateral for a loan, then it can be made self-enforceable. But it's not there yet.

The only way I can see for it to be implemented is with your own token, which will be devaluated each time somebody not repaying the loan in full.

[mannykannot]

I don't think you have ever read the entire thread here. It was drdeca who first introduced gas into the discussion, apparently suggesting that it somehow either solved, or at least mitigated, the verification problem (he was vague about exactly how he thought it helped), and it was I who responded that it made no fundamental difference. The whole point of the example was to demonstrate that gas does not materially simplify the verification problem.

You appear to have replied to the wrong person in your first post in this thread. Did you mean to say that @drdeca, not @mannykannot, misunderstands the purpose of gas?