Vyper contributor: Issues with Vyper and other public goods ultimately point to an incentive problem, which we must come together to solve
ChainCatcher news: @fubuloubu, a contributor to the smart contract language Vyper, commented on the Curve hacking incident: "Finding this vulnerability could take weeks to months, possibly carried out by a small group or team. We may find more information soon, but given the resources involved, I think there is reason to suspect that state-sponsored hackers may be involved."
@fubuloubu stated, "Currently, there are only two compilers that are optimal; Vyper's codebase is smaller, easier to read, and has fewer changes to analyze its history, which may be why the hackers targeted it. The Solidity codebase is larger. Secondly, the compilers have not been reviewed or audited as much as people think. Most compilers undergo significant and frequent changes, which is not conducive to auditing.
"All of this points to the final issue: the incentive problem, that is, no one has the motivation to look for critical vulnerabilities in the compiler, especially in older versions.
"But this is not the end for Vyper or Curve; we must come together to address these types of public goods issues. Personally, I previously proposed a plan that would help improve Vyper by adding a user-sponsored bounty program."