Hey everyone!

This week's edition of "Just the Metrics" zeroes in on a programming language and virtual machine poised to shift public perception, particularly regarding the security of blockchain-based systems, and potentially drive greater developer adoption within the blockchain space.

We are talking about the “Move”. 

It's widely acknowledged that EVM's architectural flaws have spawned numerous security vulnerabilities, prompting the need for a transition to a more secure programming framework.

Existing smart contract languages, primarily designed for EVM and analogous platforms, like Solana Virtual Machine (SVM) fall short in effectively managing assets and ownership, underscoring the demand for an alternative.

Move, a platform-agnostic language, rises to this challenge by meticulously catering to the specific needs of smart contract development.

Move offers a solution through its architecture, engineered for simplicity, safety, and versatility across platforms, with a focus on enhancing the security and integrity of digital asset management.

Armed with this context, we now proceed to dissect the technical merits and benefits of Move, particularly in comparison to EVM and the Solana smart contract programming framework.

Let’s go!

What you’ll learn today

EVM's Flaws: Highlighting the Ethereum Virtual Machine's vulnerabilities that have led to substantial financial losses.

Solana's Pitfalls: Analyzing Solana's complex programming model and its inherent security risks.

Redefining Smart Contract Development: Exploring the Unique Characteristics and Requirements of Smart Contract Programming Languages.

Introducing Move: Presenting Move as a secure, platform-agnostic language poised to solve current smart contract development issues.

Before exploring the specifics of Move, it's important to address the significant flaws within the Ethereum Virtual Machine (EVM) and Solana's programming model (SVM), which have profound impacts on their ecosystems.

EVM's Flaws:

The EVM has been instrumental in driving the first wave of Web3 innovations. Nonetheless, it's hampered by critical vulnerabilities.

These shortcomings have contributed significantly to Web3's infamous reputation for security lapses, resulting in the loss of billions of dollars on an annual basis.

If the mainstream is to take Web3 seriously, this reputation must go.

But this doesn't mean that Ethereum will be dethroned as the top DeFi ecosystem, because we are already seeing early signs of disentanglement between the evolution of Ethereum and that of the EVM.

Above all, Move is a platform-agnostic programming language.

That being said, let's get into the core topic👇

Why is Smart Contract programming distinct from mainstream programming?

Smart contracts represent a fundamental shift from traditional software development, catering to specialized blockchain functions such as defining new asset types, managing asset interactions, and enforcing access control conditions.

In contrast to conventional programming languages designed for a wide array of applications and supported by extensive libraries, smart contracts necessitate a more focused approach.

Their critical role in facilitating trustless transactions and the transfer of digital assets under well-defined rules highlights the inadequacies of existing programming languages in fulfilling the distinct needs of smart contracts.

Indeed, specialized smart contract programming languages have been developed.

Yet, these languages exhibit significant shortcomings in meeting the requirements essential for smart contract development.

Specifically, languages used within EVM-based platforms and Solana struggle with aspects of asset management and ownership, revealing fundamental gaps in their ability to address the complex demands of smart contract programming.

 The shortcomings of the EVM are well-known👇

Yet, the difficulties tied to Solana's approach to smart contract programming haven't gotten as much spotlight, even as Solana becomes more important in the world of DeFi.

A detailed article by @kklas_ dives into these challenges, providing a closer look at what makes Solana's system complex for developers:

Source: Smart Contract Development — Move vs. Rust

Based on this, let me summarise the core drawbacks of Solana's programming model👇

1. Complexity in State Management Solana's model requires developers to manage state explicitly through accounts, which can increase complexity in contract development.

Programs must interact with accounts to read and write state, necessitating a deep understanding of account management.

2. Account Management Overhead Developers must implement checks for account ownership, types, and signatures, which can be error-prone and lead to security vulnerabilities.

This manual verification process adds a significant amount of boilerplate code and complexity.

Account Bloat: Smart contracts must explicitly list all accounts they interact with in transaction instructions.

This requirement can lead to a large number of account parameters for complex operations, complicating contract interfaces and interactions.

3. Learning Curve and Developer Ergonomics: The combination of Rust's inherent complexity and the unique Solana concepts, such as - Program Derived Addresses (PDAs), - Cross-Program Invocation (CPI), - and account ownership models, contributes to a steep learning curve for new developers.

4. Security Challenges: The necessity for manual account and signature verification increases the risk of security vulnerabilities.

Historical exploits on Solana, such as

• Wormhole ($336M) — https://rekt.news/wormhole-rekt/

• Cashio ($48M) — https://rekt.news/cashio-rekt/, and

• Crema Finance ($8.8M) — https://rekt.news/crema-finance-rekt/

have often been due to mistakes in these areas, exposing the model's susceptibility to human error in contract development

5. Limited Composability While Solana supports composability through CPI calls, the need for explicit account management and manual verification can make composing smart contracts more cumbersome and less intuitive compared to models that offer native composability features like Move.

6. Developer Productivity and Speed The complexity involved in managing accounts, performing manual checks, and dealing with the low-level details of Solana’s programming model can slow down development speed and increase the time to market for decentralized applications.

The Need for a Secure Platform-Agnostic Smart Contract Programming Model

The limitations of current smart contract platforms highlight a critical issue: - The absence of a platform agnostic direct language to manage and describe assets and ownership effectively.

This deficiency complicates the development process, increasing the risk of vulnerabilities due to reliance on roundabout methods for fundamental concepts.

It underscores the urgent need for a new smart contract language designed with built-in support for handling assets, ownership, and sophisticated data management, streamlining development and enhancing security.

That's exactly what Move is created for.

Above all, the smart contract development space now requires a "platform-agnostic programming language" above all.

What is a platform-agnostic programming language?

A platform-agnostic smart contract programming language is crafted for broad compatibility across various blockchain systems, with an emphasis on simplicity and adaptability.

It prioritizes universal programming concepts, deliberately avoiding the incorporation of blockchain-specific constructs into its syntax. This strategy permits blockchain platforms to enrich the language with their unique features via additional code, rather than necessitating alterations to its core structure.

The architecture of the language guarantees that its essential components—such as the virtual machine, bytecode verifier, and command-line interface—maintain consistency and are interoperable across diverse environments.

Consequently, this flexibility allows for the language's customization to align with the distinctive needs of each blockchain platform, thereby enabling a vast spectrum of applications and innovations.

First, let's understand why Move is a platform-agnostic programming language.

Cross-Platform Design: Move is designed to be embedded across different blockchain platforms without requiring modifications to its core structure. This universality allows it to serve as a foundational layer for smart contracts on varied systems.

Simplicity of Core Language: The core of Move is intentionally kept simple, focusing on generic programming concepts like structs, integers, and addresses. This simplicity ensures that the language can easily adapt to the diverse requirements of different blockchain environments.

Lack of Blockchain-Specific Constructs: Unlike other smart contract languages that integrate blockchain-specific concepts directly into their syntax, Move does not natively include elements like accounts, transactions, or cryptography. This absence makes Move inherently adaptable, capable of serving as a neutral basis for various blockchain platforms.

Extension Through Integration: Blockchain platforms can integrate Move by building upon its core components to add their specific features through modules. This means that instead of altering the fundamental language or creating a unique fork, platforms extend Move with additional functionalities tailored to their ecosystem.

Shared Core Components Across Platforms: All platforms utilizing Move leverage the same set of core components, including the Move VM, bytecode verifier, compiler, prover, package manager, and command-line interface (CLI). This uniformity ensures consistency in how Move operates across different blockchains.

Blockchain-Specific Features via Add-On Code: Platforms that integrate Move can add blockchain-specific features through code that builds on Move's core components. This approach allows for the customization and extension of Move's capabilities without compromising its platform-agnostic nature.

Let's see how Move places a paramount emphasis on safety and security in its architecture.

Move is designed with a strong emphasis on safety and security, especially concerning digital assets, which it treats as first-class citizens through its resource model. The security features of Move are deeply integrated into its language design, compiler, and runtime environment, providing a comprehensive framework for developing secure smart contracts.

Here are the key aspects of Move's security features:

1. Resource Safety Move introduces the concept of resources, which are special data types that represent digital assets. These resources are treated with first-class support in the language, ensuring they cannot be duplicated, inadvertently lost, or destroyed. This prevents common asset-related vulnerabilities such as double-spending or unintentional burning of tokens.

2. Type Safety Move's type system is statically typed, meaning that type checking occurs at compile time. This eliminates a whole class of runtime errors and vulnerabilities related to type mismatches. The type system also supports generics, enabling safe and reusable code without sacrificing security.

3. Linear Type System with Borrow Checker Similar to Rust, Move employs a borrow checker within its linear type system, which ensures that references to resources and other data are used safely. This mechanism prevents dangling references and ensures data integrity, particularly when resources are passed between functions or modules.

4. Module and Function Visibility Move allows developers to define modules with clear interfaces, encapsulating implementation details and exposing only what's necessary. This encapsulation is enforced through public and private access modifiers for both functions and structs, reducing the attack surface by limiting the ways in which contracts can be interacted with.

5. Bytecode Verification Before being deployed, Move modules must pass through a bytecode verifier, which performs static analysis to ensure that the module complies with Move's safety rules. This includes checks for resource safety, type safety, and the absence of certain unsafe patterns. The verifier acts as a gatekeeper, preventing potentially malicious or unsafe code from being deployed on the blockchain.

6. Formal Verification Support The Move language comes with a formal verification tool known as the Move Prover. This tool allows developers to write specifications for their smart contracts and verify that the contract's implementations adhere to these specifications.

The Move Prover can prove properties such as absence of overflow/underflow, compliance with invariants, and adherence to access control rules, significantly enhancing contract reliability and security.

7. Immutable and Mutable References Move distinguishes between immutable and mutable references, enforcing strict rules about how data can be accessed and modified. This distinction ensures that data cannot be modified unexpectedly, reducing the risk of bugs and vulnerabilities associated with state changes.

8. No Reentrancy by Default The Move execution model, by design, does not easily allow for reentrancy, a common source of vulnerabilities in smart contracts (notably in Ethereum's EVM). This reduces the risk of attacks where unintended interactions between contracts can lead to unexpected behavior or loss of funds.

Move Virtual Machine: Putting It All Together

As we already discussed, Move programming language, is designed to facilitate the creation of secure and programmable transactions. The Move VM interprets these transactions, encoded in Move bytecode, enabling the execution of sophisticated contract logic on the blockchain.

The role of the Move virtual machine (VM) is to execute a block of transactions, process these transactions against the global state, and produce a transaction effect that signifies modifications to the global state.

This execution framework is integral to the operation of blockchain systems utilizing the Move programming language, ensuring seamless interaction between code written in Move and the underlying blockchain architecture.

The Move ecosystem is already gaining traction.

Within a short period of its release, Move has garnered serious traction among blockchain developers.

We are already seeing multiple ecosystems adopting Move.

Some notable examples include:

• Sui Network: Leveraging Move, Sui is designed for scalable DeFi and gaming applications, employing a resource-oriented model that supports composable transactions and parallel processing to achieve higher throughput.

• Movement Labs Projects (M1 & M2):

  • M1: A permissionless Move-based blockchain operating as an Avalanche subnet.

  • M2: Another permissionless Move-based blockchain, currently functioning as a Celestia rollup. M2's goal is to broaden functionality for developers on Ethereum, allowing Solidity projects to deploy on M2 without the necessity for Move code.

• Additional platforms adopting Move include:

  • Aptos Network

  • Starcoin

  • Linera

  • 0L Network

These examples underscore Move's growing influence and its potential to revolutionize various aspects of blockchain development across different platforms.

The Surprising Shift of Liquidity to Sui

The most significant transfer of liquidity from Ethereum L1 is not directed towards its L2 solutions, Solana, Polygon, or the Avalanche C-chain; rather, it's flowing towards Sui.

This flow to Sui is almost tenfold compared to that from Ethereum L1 to ecosystems based on the EVM.

Sui, crafted by developers from Facebook's Diem project, is witnessing the most substantial influx of liquidity, although it still represents a minor portion of the liquidity seen on EVM-based platforms.

This trend might be indicative of an emerging shift, suggesting that Move-based ecosystems could be the forthcoming prominent platforms in the DeFi space.

Should this prediction materialize, we might observe a surge of DeFi applications not primarily on Ethereum L2s or networks like Solana but on platforms that exploit the capabilities offered by the Move programming language.

Is Move the Future of DeFi?

As of now Move VM is the fastest and most secure VM design to date, capable of handling millions of users on-chain at any given time.

Move's approach to smart contract development, which is fundamentally based on platform agnosticism and emphasizes resource safety, atomic transactions, and verifiable contracts, positions it as a strong contender against the programming models of EVM and Solana.

Its unique features address many of the security and efficiency concerns prevalent in today's DeFi applications, providing a robust foundation for securely building complex financial instruments.

Considering all this, Move has the potential to fast-track innovation and adoption of DeFi services across platforms, making it a compelling choice for the new wave of blockchain developers.