Vyper is a smart contract programming language inspired by Python. Vyper compiler, written in Python, translates Vyper source code to EVM bytecode. Various organisations are launching an open security audit competition for the Vyper compiler with more than $150k in prizes starting September 14th.
Background
Vyper is in the top three smart contract programming languages among Solidity and Rust. As the successor of the original smart contract programming language, Serpent, Vyper started to grow as an open-source project created by a few enthusiastic with a vision to create a simpler and, thus, more secure smart contract programming language. The technical elegancy brought success. Today, Vyper is used in production in decentralised finance projects like Lido, Curve and Yearn.
Being an open-source, developer-led non-profit project, Vyper has never had large organisations backing it or excessive funding. In light of a critical compiler bug in the old Vyper compiler version (originally fixed in 2021), leading to the loss of several millions of dollars, various parties are now organising a free-to-enter auditing competition for the Vyper codebase.
For more background on the Vyper, please see this YouTube video.
About the competition
As the writing of this, the prize pool is $150k, and it is increasing as more organisations are making donations. The prizes are called “bounties” and are rewarded for those you find bugs in the Vyper compiler codebase.
CodeHawks, a security audit competition platform, is hosting the competition. The competition will start on September 14h, 2023 and ends on November 4th.
The codebase to audit is ~15,000 lines of Python.
Is this for me?
You should consider participation in this audit competition if for example
-
You are a Python developer (Vyper codebase is in Python)
-
You understand security
-
You understand compilers
-
You understand smart contracts
Even if you are not yet proficient in any of the above, you can still join the competition to polish your skills. Vyper community is very welcoming and happy to support newcomers.
How to get started?
The rules of the competition are not yet final. Any newly opened issue which demonstrates making Vyper compiler generate invalid code, and especially dangerous code, will be rewarded. Other smaller issues, low and medium impact, will also be rewarded.
- Vyper internals blog post by pcaversaccio, made as a preparation for the competition
As the competition details and prize pool are not yet final, please join and follow the Vyper community for updates.