Why DeFi’s Future Is With Non-Turing-Complete Smart Contracts

Thursday, Sep 3, 2020

DeFi (short for Decentralised Finance) is not a new term, but it became a trending buzzword in the crypto community seemingly overnight. 

And for a good reason–DeFi movement aims to deliver trustless and transparent financial services and tools on decentralised networks, like payments rails, lending and insurance platforms, marketplaces, investment portfolios and, eventually, everything else that is currently in trust of centralised 3rd party entities or government authorities. 

In other words, DeFi aims to leverage blockchain tech to create a global, censorship-resistant, open-access system, where cryptography-secured protocols enrich or entirely replace traditional financial markets, institutions and their money-handling instruments. 

DeFi’s sudden breakthrough is staggering

It sure sounds like a colossal ambition, almost futuristic, but it has come much closer to reality in the past year than most realise. 

On the Ethereum network, where a majority of DeFi-focused developers are consolidating to build the new financial ecosystem, the number of DeFi projects are reaching triple digits already. At the same time, hundreds of Dapps are being built on top.

The numbers speak for themselves. At the time of writing (Aug. 11), the total value of cryptocurrencies locked in DeFi products on Ethereum is reaching an all-time high, sitting at $4,75B. 

To put it in perspective, that’s $2,29B more than it was in July. But on this exact day back in June, the entire DeFi space had just $1,11B locked behind it.

In February 2020, an entire DeFi market on Ethereum had $1B locked in value for the first time in history. Now, the biggest DeFi protocol MakerDAO with its stablecoin Dai alone has $1,42B committed to it, with the money market protocol Compound behind with $815,7M.

Is the hype around Ethereum’s DeFi reasonable?

As the value of crypto-assets locked behind Ethereum’s DeFi projects grows, so does the excitement surrounding them. However, not everyone is impressed as security remains a major concern–the community keeps pointing out flaws that Ethereum’s smart contracts have exhibited over recent years. 

Some of those flaws allowed for quite a few notable attacks on DeFi projects, which almost always have resulted in significant loss of funds to mischievous hackers. 

In March 2020, a considerable part of Maker Vault was liquidated amid sudden Ether price drop. Although, those liquidated funds have never reached the owners. Instead, automated auctions could not keep with the price drop, which left the vast majority of liquidated assets under-collateralised and available to scrap up for pennies. 

The loss for Vault owners was estimated at around $9M. Because of an exploit, the protocol’s creators, Maker Foundation, got a class action lawsuit, had to carry an executive vote to change the parameters of protocol and, finally, reimburse victims. 

In more recent memory, another Ethereum project called Uniswap has suffered a reentrancy attack with ERC777 tokens. In result, the attacker was able to drain the volume of project’s liquidity pool by exploiting a delay in external balance sheet updates. The successful attack rounded up to a loss of $300,000.

Even though before, Uniswap has claimed that protocol does not support ERC777 standard, yet the exploit was possible, and it backfired. If you are interested in exact details how, read this audit, carried out by ConsenSys.

Still, considering all this, why are Ethereum’s DeFi products being marketed as secure despite these and several other unfortunate occurrences?

Complicated is not always better

All these issues in Ethereum’s DeFi space happen not because of inherent bugs in Ethereum’s base layer but a human error–a developer overlooking something crucial while implementing smart contracts on top of existing protocols, which sometimes have flaws of their own. 

In fact, both showcased instances were prone to exploitation due to the complicated nature of Ethereum smart contracts. When you can build them together like Legos, ensuring safety and even performing an audit becomes a challenging task.

Does that mean that you can never be sure whether smart contracts on Ethereum will forever stay intact? Not necessarily. But what is not emphasised enough is that the possibility of exploiting flaws can be minimised significantly in the future. 

The current problem is not incapable developers or auditors doing a lousy job. Smart contracts built on Ethereum are unnecessarily complicated because of their Turing-Complete nature.

Turing-Complete vs Non-Turing-Complete: what does it mean?

In short, Turing-Complete smart contracts support various codebases and allow building very complex structures with any computable functions, which often leads to more ways of breaking and exploiting them; Non-Turing-Complete programming languages, on the other hand, are more specialised; they do not support concepts like loops, recursions, or other similar processes that usually do not terminate on their own. 

When Ethereum was preparing to launch, Turing-completeness seemed like a good idea as it promised significantly broader creative capabilities. But at the time, nobody had any decent ideas about how useful it will actually be. The creator of Ethereum, Vitalik Buterin, addressed this topic by himself in Ethereum white paper, saying:

“Turing-incompleteness is not even that big a limitation; out of all the contract examples we have conceived internally, so far only one required a loop, and even that loop could be removed by making 26 repetitions of a one-line piece of code. Given the serious implications of Turing-completeness, and the limited benefit, why not simply have a Turing-incomplete language?”

Despite blockchain having no need for Turing-Complete functionality, Ethereum still ended up being Turing-Complete. 

How useful is Turing-completeness on Ethereum?

Fast forward to today–this study shows that, currently, only 6,9% of smart contracts built on Ethereum Virtual Machine truly require functions of Turing-Complete language. It also notes that the vast majority of Ethereum’s smart contracts can be coded to function the same way on a Turing-incomplete machine.

It would be naive to expect that the platform will one day reinvent itself and disregard Turing-completeness. But the fact remains–if before, Non-Turing-Complete has been perceived as a possible limitation, now we have studies proving that, in reality, it does not make any impactful difference.

On the contrary, there are several reasons for using Non-Turing-Complete smart contracts, which also outweigh the potential benefits of Turing-Completeness and strengthen security at the same time. 

For example: 

  • The chance of unreasonable code or security-related errors significantly reduces as Non-Turing-Complete language supports only basic scripting functionality for creating smart contracts;
  • Non-Turing-Complete smart contracts do not support any recursion or complex loops, which makes them much easier to audit;
  • Another Ethereum’s problem is that it becomes clogged and congested. Part of the reason is that Turing-Complete smart contracts that take up a lot of space to execute.

So, where do we go from here?

Whenever there are serious challenges to fixate on, alternative solutions tend to emerge. 

As such, the development of DeFi highways that value the same principles, but avoid over-complication of Turing-Complete languages, is already going steadfast, lead by several prominent DeFi projects.

Our open protocol Mintlayer, as an example, already offers technical premises for the future of DeFi by embracing intentional Turing-incompleteness. Simple by design, yet as powerful and capable as Ethereum, it is a Bitcoin sidechain built with smart contract’s security, sustainability and usability in mind since day 1.

As more players enter the market, sooner than later the future architects of DeFi products will face a vital decision to make.

Is it plausible to keep unusable benefits in exchange for more loopholes, attack vectors and inherent flaws if there is a way around them?

If you’re still reading up until now, you might as well check out Mintlayer webpage and learn more about smart contract solutions implemented on the strongest, most secure proof-of-work network in the world. Or, jump straight to Mintlayer documentation.