Idea for making solidity contracts more secure. 1. Sprinkle your code with asserts 2. Stripe it away with the compiler for production build Example (not tested) Failing asserts crash the program in unit and fuzz tests. When PROD = true, compiler + optimizer removes Dev.check
This is not good advice. It's generally considered insecure and bad practice to mix testing concerns within production contracts. One of the top causes of bugs are copying/pasting/adding/removing code. If you have code or macros that are toggled depending on environment, you can very likely have a bug in your infra where the testing concerns won't be properly excised or neutralized from your code.
@ProgrammerSmart Finally, regular practices from C++/Rust are making their way to web3. It is a bit of re-inventing a wheel, but it is a solid practice which is proven by time in web2, I vote for it.
@ProgrammerSmart This is interesting, but also I can see it biting back. Example: in Rust in debug mode underflows/overflows panic, in prod mode they don't. I've had it before that someone didn't know this and wrote code that would underflow but they thought it'd panic and they were safe.
@ProgrammerSmart thanks for innovating a new security standard
@ProgrammerSmart Assert should only be used to test for internal errors, and to check invariants.
@ProgrammerSmart if we add asserts while writing the actual code, will there be any need to test it? or are you saying that by doing this we code and test at once? genuinely trying to understand your point of view here