For the average investor, if you are not technical, I've supplied notes in bold that might make more sense.
Solana is a ticking time bomb
(Hackers, Raiders, and Thieves are coming for your moneys.)
Solana decided to build their smart contracts on Rust and C++. The crypto craze caused the demand for these developers to spike. When the demand exceeds the supply of experienced developers, companies start hiring anyone off the street regardless of their background. New developers typically write insecure code. (Radicalists known as Newbies are building smart contracts on Solana.).
Most of the Solana protocols are closed source. Nobody knows what the code is doing. This means there's no transparency to investors. Instead, it requires a lot of trust. Because of this, they focused heavily on yield farming and high interest lending which is a common trap. (Security is not a concern for Newbies. These contracts are stored in tombs built by an ancient civilization. They believe this will protect them. Purists claim the Prophecy has been misinterpreted. Research suggests they may be correct.)
Solana developers compile their human readable code into machine code that runs on Solana. This obscures the logic and makes temporarily impossible to fully understand what exactly is happening. This does not stop hackers, it just slows them down. It also creates false security. "Security through obscurity". They opted to use BPF as their runtime bytecode. Sure, it makes their system run fast, but I think they cherry picked this variation so they could cut corners on security. Decompilers have not yet been created for BPF. Historically the incentive to do this was non existent. ( Blockchain explorers have discovered code scribed on the walls within the entrance of these tombs. Incantations written by tribal leaders during the early internet ages to protect Solana.)
There is currently a large community of developers working to build a decompiler for BPF. Decompilers translate machine code back into human readable code. Institutional investors want that transparency. They want to know what is happening when they sign transactions with their wallet. Hackers want to see that code because thats how the reverse engineer exploits. (Philologist are piecing together clues to understand how the ancient tribes communicated. They believe history will unlock the secrets of the blockchain.)
When someone finally nails this down, smart contracts will become open source. All the contracts written by crappy developers that skipped proper validation will be instantly exposed before retail even wakes up. They will likely launch a blockchain scanner similar to Ethereum, where anyone can read the contracts on-chain. This is why institutional investors use Ethereum. They can audit the code in full transparency. Hackers find exploits by looking through code to see where developers overlooked risk. Solana security is a vail. (If hackers discover these secrets first, they will destroy the blockchain, stealing all the treasure within.).
This is a recipe for disaster. Open source is a critical part of crypto, especially when it comes to smart contracts. Code is law? That doesn't matter if you make it difficult to read the law? Thats not security. The system has never had the opportunity to be truly battle tested when there were less consequences on the table. They have too much TVL right now. It's literally begging to be tested. (Purists are warning that we must not tamper with the blockchain, fearing it will open Pandoras Box causing death and destruction to all)
Proof, Sources, References
Developers already knew this was a problem
[No easy way to verify source of on-chain programs · Issue #12232 · solana-labs/solana · GitHub](https://github.com/solana-labs/solana/issues/12232)
**Kinda suspicious that they picked the most obscure format they could find **
[BPF - the forgotten bytecode](https://blog.cloudflare.com/bpf-the-forgotten-bytecode/)
[Overview | Solana Docs](https://docs.solana.com/developing/on-chain-programs/overview)
There are serious consequences
[Hack Solidity: Reentrancy Attack | HackerNoon](https://hackernoon.com/hack-solidity-reentrancy-attack)
Ethereum understand that
[Reentrancy - Ethereum Smart Contract Best Practices](https://consensys.github.io/smart-contract-best-practices/attacks/reentrancy/)
Examples for those in the back
[What is Reentrancy? - Reentrancy Smart Contract Example » Moralis » The Web3 Development Workflow](https://moralis.io/what-is-reentrancy-reentrancy-smart-contract-example/)
People are already asking questions
https://www.reddit.com/r/rust/comments/q5u8rz/is_there_berkley_packer_filter_bpf_decompiler/
https://twitter.com/firefly_sol/status/1528601901184569344
Open Source Projects already making headway
[GitHub - aya-rs/aya: Aya is an eBPF library for the Rust programming language, built with a focus on developer experience and operability.](https://github.com/aya-rs/aya)
[GitHub - kentik/convis](https://github.com/kentik/convis)
[Implement an eBPF decompiler/disassembler · Issue #838 · capstone-engine/capstone · GitHub](https://github.com/capstone-engine/capstone/issues/838)
People are creating tutorials
[Kevin K's Blog - eBPF and Rust (Part 1)](https://kbknapp.dev/ebpf-part-i/index.html)
Why its a problem
[Smart contracts and the inherent lack of security in trusting compiled byte code - Ethereum Stack Exchange](https://ethereum.stackexchange.com/questions/45951/smart-contracts-and-the-inherent-lack-of-security-in-trusting-compiled-byte-code)
[Advantages Of Open Source & Closed Source In Cryptocurrency | by Damilola Stephen Debel | AirGap | Medium](https://medium.com/airgap-it/advantages-of-open-source-closed-source-in-cryptocurrency-e14abab57a24)
[What is your opinion on DAapps with closed source smart contracts? : ethdev](https://www.reddit.com/r/ethdev/comments/r5ex1m/what_is_your_opinion_on_daapps_with_closed_source/)
You can get bonuses upto $100 FREE BONUS when you:
💰 Install these recommended apps:
💲 SocialGood - 100% Crypto Back on Everyday Shopping
💲 xPortal - The DeFi For The Next Billion
💲 CryptoTab Browser - Lightweight, fast, and ready to mine!
💰 Register on these recommended exchanges:
🟡 Binance🟡 Bitfinex🟡 Bitmart🟡 Bittrex🟡 Bitget
🟡 CoinEx🟡 Crypto.com🟡 Gate.io🟡 Huobi🟡 Kucoin.
Comments