Smart Contract Security Can’t Afford to Fail—and With the Clarity Programming Language, It Won’t

More than $75B is locked in smart contracts powering DeFi alone. The market cap of stablecoins exceeds $140B, and NFT trading volume in 2023 was $11.8B. In a decentralized future where billions of dollars are already being managed by smart contracts, and bugs and vulnerabilities in the code could be catastrophic, how do we empower developers to create high-assurance smart contracts?

Type
Deep dive
Topic(s)
Clarity
Published
February 28, 2024
Author(s)
CTO
Meet a language designed for security from the ground up.
Contents

Many smart contract programming languages lack the capacity to enable developers in building secure decentralized applications, and there are two reasons for this. First, smart contracts are only as secure as their underlying blockchain. Second, hackers can exploit vulnerabilities in smart contract code in order to steal funds, whether that’s vulnerabilities like reentrancy, bad randomness or time manipulation. And some languages are more vulnerable to exploits than others.

How do we empower developers to build high-assurance smart contracts?

In this post, we’ll be taking a closer look at the Clarity language, the open-source programming language for Stacks, and how it enables developers to write smart contracts secured by Bitcoin.

The Crypto Industry Can’t Afford the Failure of Smart Contract Security

Smart contracts are the foundational blocks of Web3. They enable apps built on top of blockchains and power DeFi, NFTs, Web3 games, DAOs, and any other decentralized solutions you can think of. Since smart contracts are the cornerstone of blockchain applications, when they fail, the applications built with those contracts fail, and the entire ecosystem suffers.

Smart contracts are honeypots that attract hackers.

The challenge is that blockchains are a fundamentally different programming environment, which leads to new problems. Bugs in smart contract code are almost impossible to fix because code on blockchains is immutable (by design), and there is no “undo” button on a public, decentralized network. Today, smart contracts are exposed to varying degrees of risks, bugs, and vulnerabilities, and these bugs and vulnerabilities have real-life repercussions in industries: user funds are at risk, business logic is public and can be exploited.

For example, DeFi is consistently being targeted by hackers because it’s a honeypot, with $75B locked in smart contracts. Blockchain Analytics company Elliptic reported that the DeFi industry recorded about $12B in losses in 2021, and as much as $5.5B was lost through code exploits. One such code exploit includes the BurgerSwap incident, in which an omission of a single line of code in the smart contract led to a $7.2M hack. In another, a hacker exploited the Proxy Lock Contracts of Poly Network across three different chains — Ethereum, BSC, and Polygon — to steal $611M, in what is the largest single hack in the cryptocurrency industry.

As decentralized solutions continue to gain increased adoption across multiple industries, hackers will be more active in their search for smart contract vulnerabilities to exploit. Indeed, in 2023 the number of hack incidents increased compared to 2022.

But the stakes are higher than just stolen funds.

Insecure Smart Contracts Will Have Regulatory Repercussions

Not only do hacks create the obvious problem of stolen funds, but they introduce more volatility to an already volatile space. A research paper by Klaus Grobys, a professor of financial economics, found that the price of Bitcoin and Ether became more volatile in the wake of a hack.

Regulators from around the world have cited high volatility risk as one of the reasons they advocate for strict rules on the role of cryptocurrencies in the global economy. Unfortunately, that volatility will stay high if hackers continue to find vulnerabilities to exploit in smart contract security. Combining volatility with insecurity is a recipe that invites unfriendly regulatory policies. Those policies, in turn, would stifle innovation and make it more difficult to build decentralized applications.

Insecure Smart Contracts Will Slow Down Crypto Adoption

Right now, the crypto industry is enjoying the enthusiasm of early adopters and technologists, and the space is just beginning to get larger inflows thanks to the approval of Bitcoin ETFs in the US. However, we are talking millions of users, and we want to reach billions.

Crypto-assets may struggle to unlock broad mass-market adoption if the average person is worried about the security of their crypto assets or if they find decentralized apps unusable due to smart contract bugs. After all, the goal is not to have users hold a Bitcoin ETF, but to build a new generation of decentralized apps that change how people interact in the digital sphere.

Similarly, enterprises that adopt blockchain-powered solutions might face legal liability if the smart contracts powering their operations fail. Businesses that have built their brands on decades of reliability may hesitate to adopt decentralized solutions if they can’t trust smart contracts to perform their designed function.

There is a clear need in the industry for a programming language that makes it much harder to have bugs in the code.

The immutability of blockchain makes it difficult to undo transactions, and it is practically impossible to recover stolen funds. If hackers find and exploit vulnerabilities in smart contracts, it would be difficult, if not impossible, to recover the losses.

Therefore, there is a need in the industry for a programming language that makes it much harder to have bugs in the code, and that can enable tooling to surface vulnerabilities in smart contracts before they are deployed. The Clarity language excels at this, and it leverages Bitcoin to do it.

Smart Contracts Can Be More Secure If They Are Anchored by Bitcoin

Smart contract security is partially dependent on the blockchain network on which it is hosted. The consensus mechanism, cryptographic hashing functions, network effects, developer activity, and crypto-economics, among other things, all influence the security of a blockchain and by extension its smart contracts.

Of the blockchains in existence today, Bitcoin is the most secure; its security has been battle-tested for more than a decade, and the capital requirements needed to attempt a successful attack on the network make such attacks unfeasible.

Of the blockchains in existence today, Bitcoin is the most secure.

Other blockchains with robust smart contract mechanisms can’t quite boast the same level of security and reliability as Bitcoin. For instance, Solana was a victim of a distributed-denial-of-service (DDoS) attack and has crashed several times, Ethereum Classic has been attacked three times, Avalanche crashed in February for several hours, and fallout from the DAO hack on Ethereum is still fresh in memory.

While many of the most prominent blockchains have been hacked at some point in their history, or have experienced network outages, the same can’t be said for Bitcoin, despite it being the longest-running blockchain. That’s by design.

Bitcoin was created with a scripting language that makes it difficult to add new features that could introduce vulnerabilities. Bitcoin script is a simple programming language used for processing transactions, and it has limited functionality. As a result, developers can’t write smart contracts or complex logic on Bitcoin, but with Bitcoin layers, they can.

Stacks, a Bitcoin L2, taps into the security of Bitcoin and enables developers to write smart contracts and build decentralized applications that settle on Bitcoin. Some of the applications already built on Stacks that leverage Bitcoin’s security include:

  • ALEX: a popular DEX and token launchpad
  • Stacking DAO: a liquid stacking protocol for Stacks
  • Gamma: a NFT marketplace for exploring, collecting, and selling NFTs
  • Sigle: a decentralized writing platform for creatives
  • And more

The Clarity Programming Language: A Tool for Writing Secure Smart Contracts on Stacks

Developers write smart contracts on Stacks using the Clarity programming language. Clarity is a relatively new open-source programming language developed by the Stacks Foundation, Hiro, and Algorand, among others.

Since Stacks launched in January 2021, Clarity has seen rapid adoption within the ecosystem. To date, over 80,000 smart contracts written in Clarity have been deployed on the blockchain. 

Not only does Clarity enable smart contracts to settle on Bitcoin and leverage Bitcoin’s security, but the Clarity language itself is designed with security in mind. Here are Clarity’s unique features that empower developers to create better smart contracts.

If you’re a visual learner, you can discover Clarity’s features in a recent workshop we did with Developer DAO, covering the differences between Ethereum's Solidity and Clarity:

Write Secure Smart Contracts With Clarity

Clarity smart contract definition is specified in a LISP language, and since LISP’s syntax is very easy to parse, we can write a compact parser for Clarity programs (this parser is part of the Stacks blockchain). This reduces the surface area for potential bugs within the Clarity interpreter and allows for more sophisticated developer tooling (see this debugging guide and validation guide).

The Clarity programming language also benefits from the time-tested strengths of other LISP-like languages, such as brevity, being easier to reason about (e.g. functions without side effects), and better composability. As a result of these strengths and the compact parser, smart contracts written with Clarity need less code than smart contracts written in other programming languages, and less code reduces the possibilities of bugs in smart contracts.

Because the Stacks blockchain acts as a light-client for Bitcoin, Clarity programs have on-chain access to Bitcoin state like block headers. This can be leveraged in several ways. For example, this Clarity wrapper supports helpful Bitcoin-related functions. Notably, you can supply a Bitcoin transaction hash, and Clarity can verify if that transaction was mined on Bitcoin. That functionality can then be used in practical use cases, such as auditing the behavior of stacking pools.

Similarly, Clarity is intentionally designed to prevent reentrancy attacks that might repeatedly call into contracts from a single transaction in a bid to corrupt the internal state of the contract. Whereas other smart contract languages, such as Solidity provide an optional [noReentrancy] guard that developers may or may not use, Clarity completely eliminates the reentrancy risk as part of its design.

Learn more about how Clarity addresses some of the major smart contract vulnerabilities, and check out how Clarity compares to Solidity in greater detail in our head-to-head comparison.

Write Predictable Smart Contracts With Clarity 

The Clarity programming language has a unique design that differentiates it from most other smart contract languages. Clarity sacrifices some types of functionality (e.g. arbitrary recursion) in favor of decidability, so developers, users, and miners can know with certainty how the execution of their smart contracts will pan out.

In other words, the language is decidable. Developers can analyze Clarity code for runtime cost and data usage before running the code. This decidability helps developers and users predict how much it will cost to run a smart contract, and they can then make informed decisions to prevent the contract execution from failing in live use cases. And of course, this decidability makes debugging a much easier process too.

Importantly, with Clarity, there are no compilers, assembly, or bytecode. Smart contracts are broadcast to the blockchain exactly as they were written. This means that both developers and users can audit the smart contract code and know exactly what to expect when the code runs. Clarity smart contracts adopt the WYSIWYG (What You See Is What You Get) principle, which enhances transparency by making the contracts auditable for both technical and non-technical users.

Stacks is effectively a “GitHub” for Clarity contracts, where developers can look at and borrow from the code of other proven contracts.

Unlike other smart contract programming languages in which most users will have to take a leap of faith and trust the developers, Clarity enables users to confirm that the smart contract code is unaltered from the source code and verify that it is free of bugs or malicious intent.

The fact that the source for every single Clarity contract is publicly readable on the blockchain has some interesting second-order effects. The first is that the blockchain effectively becomes a “GitHub” for Clarity contracts, where developers can look at and borrow from the code of other proven contracts.

Secondly, the fact that other developers can look through the code, in turn, raises the bar for quality because developers have a social incentive to write elegant code (no one wants to be the public author of a bad smart contract). Lastly, this trait makes it harder to pull off exploits because whatever an attacker does is visible to everyone else too.

The Future of Smart Contract Security Is Woven into Bitcoin 

The cryptocurrency industry has its earliest histories rooted in the cypherpunk movement of the 1980s, but in the last 10+ years since Satoshi’s whitepaper, blockchains and their decentralized applications have gained mainstream recognition. Bitcoin substantiated the idea of peer-to-peer money, but beyond money, Bitcoin is an inspiration for how decentralized solutions can revolutionize entire industries.

While other blockchains have previously hogged the narrative about powering smart contracts, Bitcoin is the only blockchain that can provide the security component that smart contracts need to be as secure, or potentially more secure, than existing centralized solutions. Through Stacks, the Clarity programming language lets developers code smart contracts that benefit from Bitcoin’s security.

Learn more about Clarity here and in Hiro docs, and test your knowledge with these interactive Clarity quizzes:

Product updates & dev resources straight to your inbox
Your Email is in an invalid format
Checkbox is required.
Thanks for
subscribing.
Oops! Something went wrong while submitting the form.
Test Your Knowledge
Copy link
Mailbox
Hiro news & product updates straight to your inbox
Only relevant communications. We promise we won’t spam.

Related stories