PayPal’s Ancient Solidity Compiler: What You Need to Know
Trust, a white hat hacker and head of the smart contract auditing firm Trust Security, has drawn attention to an interesting aspect of PayPal’s new stablecoin PYUSD. Here are the key points to understand:
- PayPal’s smart contract uses an ancient version of the Solidity compiler, version 0.4.24, which was released back in May 2018.
- Choosing an older version of the compiler can be beneficial because it has been tested for a longer time and may have fewer unknown vulnerabilities.
- The simplicity of PayPal’s token system, powered by a single short smart contract and the SafeMath library, allows for the use of an older compiler version.
- By reducing complexity and limiting the integration of outside code, PayPal aims to create ultra-robust code that will be reliable for the next 10+ years.
- Immutable smart contracts, like PayPal’s, rely on the hope that all components of the codebase are safe at a specific point in time, without the need for periodic patches or emergency releases.
In conclusion, Trust’s analysis reveals that PayPal’s use of an ancient Solidity compiler and its simplified token system demonstrate a strategic approach to reducing the risk of vulnerabilities and ensuring long-term stability for its stablecoin.
Hot Take: PayPal’s decision to prioritize stability and reliability over the latest features and gas efficiency shows its commitment to creating a secure foundation for PYUSD.