OpShin Bug Bountys - Squashing Bugs in Python Smart Contracts

[SOLUTION] Please describe your proposed solution.

This proposal suggest to introduce a program that incentivizes removing bugs from the OpShin tool chain by prizing out the resolution of issues. But what is OpShin?

This is OpShin: a toolchain that lets developers construct Cardano smart contracts in Python. Why Python?

The problems of Haskell

Haskell is hard

As an exotic language, Haskell has very few people able to work on it, ranking only the 25th most used language on GitHub, with only 0.39% of the userbase actively using it. Very few people are proficient in Haskell, and even fewer can help you out with the peculiarities of PlutusTx: with how to implement smart contracts on Cardano.

Instead of building in the language you already know and use in everyday work and life, you have to learn a completely new language – and peer support for it is limited.

On-chain code doesn’t integrate smoothly with off-chain code

Whilst the on-chain part of a dApp handles the transactions on the blockchain, the off-chain part often handles the rest of the dApp. Developers are forced to use two completely separate tools, often in separate languages. This costs Focus - and introduces unnecessary friction at integration and potential security issues.

Instead of working on how to best solve a problem to serve your users’ needs, you’re pulling your hair trying to make the two halves of your dApp work together.

Smart Contract size is limited, and PlutusTx is hefty

Smart Contracts have tight constraints on size and execution steps. PlutusTx and other tools often translate type constraints to expensive and unnecessary on-chain transactions, limiting developers in the complexity of what they can build.

Instead of building the best solution possible, you’re hamstringing yourself just to make sure the most critical parts of your smart contract can be executed on the blockchain.

How OpShin frees you

The OpShin Toolchain comprises several projects that aim to facilitate the development of Smart Contracts and dApps on Cardano. They are largely based on Python, or integrate well with it for maximal accessibility.

Python has a wide and growing community

At the time of writing, Python is the second-most used language on GitHub, with 14.75% of the active userbase working with Python, and enjoys a 22.5% year-over-year increase in users; this is driven in part by its utility in data science and machine learning.

Everyone who knows Python can leverage the toolstack available for Python development to build on Cardano; and that is a lot of people, with a lot of tools.

OpShin natively integrates with Python Cardano tooling

Developers can build both off-chain and on-chain tooling in just Python, and are able to directly import definitions and functions that are defined in the on-chain contract, into their off-chain tooling. This reduces the friction that is naturally-induced by Cardano’s design when building combined tools.

Everyone who knows Python can develop fluently and without interruption, without the cost of constantly having to change gears and mindsets just to build dApps.

OpShin is light, fast, and maintains security

OpShin enforces strict typing on the high-level programming: it implements a type system on top of Python type hints. However, all traces of typing are erased during compilation, for a maximum efficiency program. OpShin beats many programming languages when taken to the test for real use-cases.

Everyone who knows Python can build a dApp that runs faster, costs their users less, and executes more.

How does OpShin perform?

How much does OpShin save?

Testimonials

“ImperatorLang makes smart contract development the easy part of dApp development. I have spent far longer on off-chain code than on implementing smart contracts.” - <member communityid="163" id="190045">while0x1</member> SPO

“My experience was very positive. As a python library, eopsin does well at performing as expected. It's clear when things don't work and the language is intuitive.” - Julius Frost, Full-time Python dev

[IMPACT] Please define the positive impact your project will have on the wider Cardano community.

The OpShin toolchain is and will always be fully open-source. This is a necessary property of a Smart Contract language that requires widespread trust and inspectability.

The impact on Cardano is already huge - within 5 months of the initial release, 3 dApps have been released built on OpShin. We are expecting that this will grow even more with additional funds to foster the development of documentation, developer experience improvements and educational content.

We want to make sure that the code quality of OpShin will remain high and hence want to offer rewards to developers that discover and fix issues in the code base. This will make sure that the project can provide the required security for software as critical as Smart Contract programming languages.

[CAPABILITY & FEASIBILITY] What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

The main proposer, Niels, has already bootstrapped the main part of the project. In its current form the tool is able to be used and already being used. The proposer is completely doxed and well-known in the Community.

He also has a strong network of competent and experienced developers interested and capable in supporting the project.

The main goal of this proposal is to improve usability and developer experience with respect to Smart Contracts on Cardano. With the given funds, the continued development of the toolchain is secured as developers can be hired to tackle basic issues in the toolchain whereas the main proposer is able to allocate more time of the day towards developing OpShin himself.

[Project Milestones] What are the key milestones you need to achieve in order to complete your project successfully?

After successfully obtaining the grant, every issue in the OpShin codebase will be annotated with a reward value between 100 ADA (for simple bug fixes) and 4000 ADA (for larger/major changes to the system).

>The valuation for issues will be announced and gradually rolled out to a test set of 10 issues. Over the next month feedback on the valuation is collected and re-evaluation will be considered.

>The issues are reevaluated and further rewards are announced and written out. Every new issue is annotated with such a reward within 7 days.

[RESOURCES] Who is in the project team and what are their roles?

Niels Mündler aka nielstron is well-known in the Cardano Community. He has co-founded the MuesliSwap DEX and gave birth to the programming language OpShin. His background is computer science at ETH Zurich, Switzerland.

In the OpShin team, he is taking over the role of Founder, CTO and CEO, running the whole thing as a one-man show.

He is supported by Julius Frost, Boston U graduate and working in the ML field, who created the opshin pioneer program and is a highly experienced Python developer. He is a frequent contributer and maintainer and helps assessing the quality of submitted issues and PRs.

[BUDGET & COSTS] Please provide a cost breakdown of the proposed work and resources.

Expected amount of issues in the OpShin repository: 40 (currently 30 with 45 closed)

Median amount of bug bounty for resolving an issue: 1105 ADA

Estimated total cost: 40 * 1105 ADA = 44200 ADA

[VALUE FOR MONEY] How does the cost of the project represent value for money for the Cardano ecosystem?

Highly competent developers have their price. Instead of continuously funding a project with intransparent rules and spendings, this proposal will attract competent developers and reward them on a merit basis.

The cost is extremely low compared to the cost of Haskell developers, since Python developers are commonly employed for all kinds of positions and more easily available on the market. Still, we need to provide some compensation for their efforts to improve and maintain the code base of such a critical open source project.

bookmarked!