In solving the levels of the CTF, we have seen the pitfalls of using a programming language like Solidity to develop smart contracts. To address this, one language that has been proposed is Vyper. In this lab, you will see how our initial smart contract MyContract can be written in Vyper and deployed on Ethereum. For more resources on Vyper go here. For an on-line Vyper interpreter, go here.

What you'll learn

What you'll need

  1. Log into your Metamask account and ensure you are using Ropsten

  1. Visit the Remix IDE at https://remix.ethereum.org
  2. Click "Vyper" for your environment

  1. The environment is similar to that of Solidity

As before, MyContract takes in ETH (the cryptocurrency used for Ethereum transactions). Anyone can send ETH to this contract and anyone can destroy it. Upon destruction, all ETH from the contract is sent to its owner (the wallet that has deployed the contract).

owner: public(address)

@public
def __init__():
    self.owner = msg.sender

@public
def v_cashOut():
    selfdestruct(self.owner)

@public
@constant
def v_getBalance() -> wei_value:
    return self.balance

@public
@payable
def __default__():
    pass 
  1. Go back to the Remix file explorer and paste the code into a file in the IDE
  2. Click on the Vyper compiler icon to bring up the compiler

  1. Compile the contract
  2. Click on the "Deploy & run transactions" tab
  3. Deploy the contract

Remix is one of several options for compiling Vyper contracts. Another option is via the Vyper package in Python. To try this method out. Bring up your Ubuntu 18.04 VM from prior labs. Then, create a virtual environment and install the Vyper package:

virtualenv -p python3 env
source env/bin/activate
pip install vyper

Then, create a file MyContract.vy that contains the MyContract code from before. Compile the contract and show the EVM bytecode produced.

vyper MyContract.vy

If you have difficulty using the Remix compiler to determine what errors you might have in your Vyper program, the Python Vyper compiler is an alternative.

Another alternative for compiling Vyper is the Vyper Online Compiler at https://vyper.online

The site contains several example Vyper contracts from the Vyper documentation.

Enter your the MyContract code in the "Source Code" window and then Compile it. Click on the Bytecode tab to show that the bytecode generated is the same as in the Python Vyper compilation.

Vyper builds in underflow and overflow checks on arithmetic operations when they are compiled to EVM bytecode. While this adds overhead, it can prevent disastrous errors that can lead to significant ETH being lost. To demonstrate this, consider the contract below:

owner: public(address)
instructor: public(address)
commission: public(wei_value)
funds: public(wei_value)

@public
def __init__():
    self.owner = msg.sender
    self.instructor = 0xe9e7034AeD5CE7f5b0D281CFE347B8a5c2c53504 
    self.funds = 0
    self.commission = 1000

@public
@payable
def __default__():
    self.funds += msg.value

@public
def v_cashOut():
    send(self.instructor, self.commission)
    selfdestruct(self.owner)

@public
def v_reduceCommission():
    self.commission -= 500

@public
@constant
def v_getBalance() -> wei_value:
    return self.funds

What scenario will cause an underflow to occur?

Take a screenshot of your Etherscan transaction for creating the contract for to include in your lab notebook

  1. Deploy via Remix's Vyper environment
  2. Call (fallback) to add funds to contract
  3. Click on all public gettrs and v_getBalance and screenshot the output
  4. Use repeated transactions to v_reduceCommission to show how Vyper differs from Solidity in how it handles arithmetic
  5. Show screenshots of the console within Remix of successful and unsuccessful transactions

You've created, deployed, and interacted with smart contracts written in Vyper. While the language is a safer one to use, it is not being used very prevalently yet. You can change this.