undefined | Better HN

0 pointsjude-8y ago0 comments

Because in practice, I'm trying to reason about the consequences of submitting a given transaction. A transaction can invoke many smart contracts in addition to mine. It's not enough for my code to be correct; every piece of code the transaction causes to run has to be correct as well.

0 comments

nicksdjohnson8y ago

If you want to know what a given transaction will do, you can simply run it locally; no need for formal analysis. Formal analysis is useful for proving properties about your program like "the total balance will always equal the sum of the accounts" and "transfers never increase the sender's balance".

jude-OP8y ago

I want to know what any possible transaction can do. See my sibling comments.

nicksdjohnson8y ago

But you can reason about what any possible transaction can do by reasoning about all possible inputs to your code; you don't need to know anything about how other contracts were written, since even if they are formally provable, they could send you literally any input.

Edit: Rereading your earlier comment, I understand now - you're talking about other contracts your code calls, not vice-versa. In that case, I'd point out that you're totally free to either write those contracts yourself if they're not already provably secure, or write your own code such that it's formally proved to work regardless of what those contracts do.

1 more reply

j / k navigate · click thread line to collapse

0 pointsjude-8y ago0 comments

0 comments

nicksdjohnson8y ago

jude-OP8y ago

I want to know what any possible transaction can do. See my sibling comments.

nicksdjohnson8y ago

1 more reply

j / k navigate · click thread line to collapse