I tried to write some contracts on Vyper. However, it’s toolbox is almost empty. Contract development and security checks are much harder than on Solidity. However, SmartCheck already works with Vyper. So, I decided to present Vyper and SmartCheck in this article.

What is Vyper?

New Ethereum feature is Vyper, a child of Python and Solidity. Thus, it looks like a contract-oriented Python that targets the Ethereum Virtual Machine.

It is syntactically similar to Python, so inherits simplicity and readability. It was done in order to make Vyper code maximally human-readable so that users with little prior experience could understand contracts.

However, from Solidity Vyper inherits not so much. For example, there is no class inheritance or modifiers. Moreover, some Solidity features like assert() / require() / revert() are removed. The whole list of features can be found in the Vyper documentation. The main role of such changes is avoiding misleading code and improving security and gas consumption. Except these alterations, Vyper works like Solidity, as contract structure and built-in functions are the same. Moreover, EVM is the same too.

So, if one works with Ethereum, it may seem to him/her, that it is a great possibility to start writing smart contracts without old problems. However, not everything is that good, as Vyper is still in beta version and just doing first steps. Thus, developers run short of tools for Vyper. One can check the whole list of tools and suddenly there are no security tools at all.

Let’s check security

Many Solidity developers know SmartCheck, but now it also scans Vyper contracts. You can upload your .vy files here and check it for vulnerabilities. Let’s see how it works.

We have created a short contract, which consists of three functions (constructor, fallback and logic function). This contract is a game where an investor can deposit money and double them if lucky_time is guessed or lose a half of them. Contracts code:

investor_money: uint256[address] lucky_time: timestamp @public def __init__(_lucky_time: timestamp): self.lucky_time = _lucky_time @public def __default__(): throw @public @payable def add_investor(money: uint256): if block.timestamp == self.lucky_time: self.investor_money[msg.sender] = 2 * money else: self.investor_money[msg.sender] = money / 2

All we need to do is to upload a file (smartcheck_test.vy on the screenshot).