Rob Behnke
May 11th, 2022
As the smart contract and DeFi space grows, many different platforms are competing for supremacy. While Ethereum is the oldest and most established smart contract platform, Solana and other “Ethereum killers” are attracting growing communities.
When comparing smart contract platforms, there are many factors to consider, including throughput, scalability, and architectural details. However, one of the most important considerations is the security of the various smart contract platforms.
When considering the security of leading smart contract platforms, there is no single basis for comparison. Neither platform has fundamental flaws that render it insecure and unusable or such a strong proof of security that it leaves the other in the dust.
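However, there are some key factors that have a direct impact on the security of each platform, including platform age and adoption, the consensus algorithm, the programming language and virtual machine, and decentralization.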
Blockchain technology has only been around for a little over 13 years, and smart contract platforms are even younger. As a result, many of the leading smart contract platforms are still maturing and under development.
The age of a smart contract platform has a significant impact on its security. More stable smart contract platforms are less likely to introduce new security issues in development and have had more opportunities for existing issues to be identified and corrected. An older platform with a more established community has likely undergone more security research, has a development community with more experience working with the platform and its idiosyncrasies, and has more tools available for security audits of smart contracts.
From this perspective, Ethereum is the clear winner over Solana. Ethereum has been around since July 2015, while Solana was launched in March 2020. Ethereum also has many more active members and hosts more decentralized applications (dApps) than Solana. As a result, far more is known about Ethereum and its potential smart contract vulnerabilities and common coding flaws than about Solana.
Platform Age and Adoption: Ethereum vs. Solana
Winner: Ethereum
Blockchain consensus algorithms are designed to allow a blockchain network to agree on a shared state of the digital ledger in a decentralized fashion. Consensus algorithms are vital to blockchain security because a successful exploit of consensus (a 51% attack, etc.) has a significant impact on the ledger’s immutability and security.
Ethereum is currently in the midst of a transition from Proof of Work (PoW) to Proof of Stake (PoS). Solana, on the other hand, uses Proof of History (PoH) to organize transactions into a sequence and Proof of Stake to validate this sequence.
Proof of Work is often considered more secure and resistant to centralization than Proof of Stake, but its energy consumption and lack of scalability have driven Ethereum to Proof of Stake. Since both blockchains will use Proof of Stake, security details boil down to their different designs and implementations.
However, Solana’s PoH provides a slight advantage due to its ability to protect against front-running attacks since transactions are ordered based on time of creation rather than transaction fees. In addition, thanks to PoH, it’s not possible to manipulate the time and perform the well-known MEV (Miner Extractable Value) attack.
Consensus Algorithm: Ethereum vs. Solana
Winner: Solana
Smart contract platforms allow developers to write programs that run on the decentralized blockchain network. Each node in the network hosts a virtual machine in which it executes instructions as they are added to the digital ledger.
The programming languages that a smart contract platform supports and the virtual machine that it uses impact the security of the smart contracts that it supports.
Developers are less likely to make mistakes in languages that they have more familiarity with. A more established virtual machine may be more stable and contain fewer errors than a newer one.
Ethereum uses the custom-built Ethereum Virtual Machine (EVM) and its smart contracts are primarily written in custom languages, including Solidity (inspired by C++), Vyper (Pythonic language), Yul/Yul+ (intermediate language for EVM), and Fe (based on Rust and Python).
In contrast, Solana primarily uses more established languages such as C, C++, and Rust.
However, Solana has a much more complex architecture for running its programs, including support for multithreading and the use of the Gulf Stream transaction forwarding mechanism instead of mempools.
Many Ethereum smart contract vulnerabilities are created by the details of how Solidity and the EVM work and developer inexperience with them. However, while Solana uses more established languages, its complex architecture can also create security challenges.
Programming Language and Virtual Machine: Ethereum vs. Solana
Winner: Tie
Decentralization is one of the founding principles of blockchain technology. The goal of the blockchain is to move away from systems where an individual or group holds significant power over the system. This protects against abuse of power, improves resiliency, and has other benefits as well.
Blockchain systems commonly struggle to maintain decentralization. In Proof of Work, the emergence of mining pools created a situation where a few colluding groups could have controlled the blockchain. In Proof of Stake, the parties with the greatest stake also earn the greatest rewards, and this “rich get richer” design can centralize power over time.
Ethereum is commonly seen as being more decentralized than Solana. In Solana, the top 50 validators control over 35% of the overall stake, and the single biggest validator, Everstake, controls more stake than half of the network’s validators combined.
Decentralization: Ethereum vs. Solana
Winner: Ethereum
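The stake-concentration figures quoted above can be measured for any validator set. The following is an added example, not code from Halborn or either project: the validator names and stake values are constructed, the thresholds are example parameters, and "half of the network's validators" is interpreted here as the smaller half by stake.

```python
# Added example: stake-concentration metrics for a proof-of-stake validator set.
# All validator names and stake values are constructed for illustration.

SAMPLE_STAKES = {
    "val-a": 400, "val-b": 250, "val-c": 150, "val-d": 80, "val-e": 50,
    "val-f": 30, "val-g": 20, "val-h": 10, "val-i": 6, "val-j": 4,
}

def _total(stakes):
    total = sum(stakes.values())
    if total <= 0:
        raise ValueError("total stake must be positive")
    return total

def top_n_share(stakes, n):
    """Fraction of total stake held by the n largest validators."""
    largest = sorted(stakes.values(), reverse=True)[:n]
    return sum(largest) / _total(stakes)

def min_validators_for_share(stakes, threshold):
    """Smallest number of validators whose combined stake strictly exceeds
    `threshold` (a fraction of total stake); None if it cannot be exceeded."""
    target = threshold * _total(stakes)
    running = 0
    ranked = sorted(stakes.values(), reverse=True)
    for count, stake in enumerate(ranked, start=1):
        running += stake
        if running > target:
            return count
    return None

def largest_vs_smaller_half(stakes):
    """Return (largest single stake, combined stake of the smaller half of
    validators), using the interpretation assumed in the lead-in."""
    ranked = sorted(stakes.values())
    smaller_half = ranked[: len(ranked) // 2]
    return ranked[-1], sum(smaller_half)

if __name__ == "__main__":
    print("top-3 share:", top_n_share(SAMPLE_STAKES, 3))
    print("validators to exceed 1/3:", min_validators_for_share(SAMPLE_STAKES, 1 / 3))
    print("validators to exceed 1/2:", min_validators_for_share(SAMPLE_STAKES, 0.5))
    print("largest vs smaller half:", largest_vs_smaller_half(SAMPLE_STAKES))
```

A lower validator count for a given threshold means fewer parties need to collude or be compromised to reach that share of stake.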
Ultimately, both Ethereum and Solana have their security pros and cons. Neither platform is inherently easier to use, and many of the security challenges, such as a lack of familiarity with a language or virtual machine, can be overcome.
When developing smart contracts or Solana programs, the best way to ensure their security is to undergo a smart contract audit before release. Smart contract auditors – like Halborn – are aware of the platform idiosyncrasies and coding errors that can result in vulnerable code.
Having another, professional set of eyes look over the code before launch can help to prevent a costly and embarrassing hack.
Halborn’s smart contract auditors have experience working with all of the major smart contract platforms. To learn more about securing your smart contracts or to arrange a smart contract security audit, feel free to reach out to our blockchain security experts at halborn@protonmail.com.