by Thorrez
309 days ago
I'm not sure how blockchain is relevant here. The only one that needs to compile Solidity is the person who wrote the Solidity, right? Same with non-blockchain software. So a bug in a Solidity compiler will have the same impact as a bug in any other compiler. At least with regard to executing untrusted code.

Back in 2017, I wrote a comment on HN listing the various WTFs and gotchas I found just from skimming the Solidity docs: https://news.ycombinator.com/item?id=14810008. I went and looked at the current docs, and most of what I wrote back then is still applicable (they did make arithmetic checked by default, and fixed scoping for local variables). There's some other stuff that I missed then that is frankly even more insane - e.g. mappings use solely the hash to look things up (i.e. if you get a hash collision, it will just silently return the wrong value!).
This alone is, to me, a good reason to not trust the ecosystem, given that it's run by people who believe this to be a sensible design for something that handles massive amounts of money.