- Cardano’s Plutus programming language is more secure than other languages for writing smart contracts, according to Charles Hoskinson.
- He cites MonoX Finance’s recent $31 million hack as a reason for building security into smart contracts.
Charles Hoskinson, CEO of Cardano’s development arm Input Output Hong Kong (IOHK), has pointed to the circumstances surrounding the recent hack of DeFi platform MonoX Finance as one of the reasons Cardano is superior to Ethereum and other smart contract blockchains.
MonoX was reported to have lost $31 million on Wednesday. The firm reported that the hackers exploited a bug in the software it uses to draft smart contracts, which allowed the same token to be used for both the input and the output of a transaction.
The hacker used the platform’s native MONO token as both tokenIn and tokenOut, whereas the norm should have been to input one token and withdraw another. This enabled the hacker to inflate the price of the withdrawn token and then exchange it for other tokens on the Ethereum and Polygon networks. Tokens drained included $18.2 million in Wrapped Ethereum, $10.5 in MATIC tokens, $2 million worth of WBTC, and smaller amounts of tokens for Wrapped Bitcoin, Chainlink, Unit Protocol, Aavegotchi, and Immutable X.
Hoskinson points out that the hack could have been avoided by using a more secure programming language. He points to Plutus, Cardano’s tailor-made smart contract programming language, as one of the blockchain network’s advantages, because it offers developers a way to write “great and secure code.”
“This is exactly why Plutus was written for Cardano. Good languages and tooling work with the developer and auditor enabling them to write great and secure code. Bad languages load and hand them the gun that they shoot themselves with,” – Hoskinson.
What is Plutus good for?
Plutus is a programming language for writing smart contracts on Cardano. IOHK’s blog describes it as a “Turing-complete language written in Haskell, and Plutus smart contracts are effectively Haskell programs,” and “the leading purely-functional programming language.”
The programming language is touted as providing considerable security advantages because it offers an easy way to show that smart contracts are correct and will not encounter problems. It does this by allowing both on-chain and off-chain code to be written in the same language, which the Plutus toolchain separates automatically for deployment.
Other critics of current DeFi protocols
Hoskinson is not alone in criticizing the developers of MonoX for the lax security of the platform. Dan Guido, CEO of Trail of Bits, which is a blockchain security consultancy firm, said that hacks were common among DeFi projects because many developers did not do their homework right.
“These kinds of attacks are common in smart contracts because many developers do not put in the legwork to define security properties for their code,” said Dan Guido.
The expert also noted that the developers often overlooked the security mitigations that the programming languages they used had in place while they rushed to get their products to market.
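A simplified model of the same-token swap described above, together with one explicitly stated security property of the kind Guido refers to; it is added here as an illustration and is not MonoX’s contract code or anything written by the people quoted. The pool class, the price-impact curve and the sample prices are assumptions; only the idea of passing one token as both tokenIn and tokenOut comes from the article.

```python
# Toy single-sided pool: a constructed model, not MonoX's contract code.
class SameTokenSwap(ValueError):
    """Raised when a swap names the same token as input and output."""


class ToyPool:
    def __init__(self, prices, guard=True):
        self.prices = dict(prices)  # token symbol -> price (abstract units)
        self.guard = guard          # False reproduces the missing check

    def swap(self, token_in, token_out, amount):
        if amount <= 0:
            raise ValueError("amount must be positive")
        if self.guard and token_in == token_out:
            raise SameTokenSwap(token_in)
        # Both new prices are derived from state read before either write.
        p_in, p_out = self.prices[token_in], self.prices[token_out]
        impact = amount / (amount + 1000.0)  # assumed price-impact curve
        new_in, new_out = p_in * (1 - impact), p_out * (1 + impact)
        self.prices[token_in] = new_in
        # If token_out is token_in, this write silently replaces new_in.
        self.prices[token_out] = new_out
        return amount * p_in / new_out  # units of token_out paid out


def sold_token_price_does_not_rise(pool, token_in, token_out, amount):
    """Security property: selling a token must never raise its own price."""
    before = pool.prices[token_in]
    try:
        pool.swap(token_in, token_out, amount)
    except SameTokenSwap:
        return True  # rejected swaps leave state untouched
    return pool.prices[token_in] <= before


def check_all_pairs(guard, amount=100.0):
    """Run the property over every ordered token pair; return violations."""
    start = {"MONO": 1.0, "WETH": 4000.0}  # constructed sample prices
    violations = []
    for t_in in start:
        for t_out in start:
            pool = ToyPool(start, guard=guard)
            if not sold_token_price_does_not_rise(pool, t_in, t_out, amount):
                violations.append((t_in, t_out))
    return violations


if __name__ == "__main__":
    print("unguarded:", check_all_pairs(guard=False))
    print("guarded:  ", check_all_pairs(guard=True))
```

Stating the property as a function lets a test suite or fuzzer exercise it over every token pair, so the same-token case is checked even when nobody thinks to write a test for it by hand.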