Hi everyone, my name is uzern4m (subject to change)
I'm a Rust enthusiast, amateur security researcher and i've been introduced to monero for more than a year now.
The current monero node is written in C++. It is really well done, thanks to wonderful maintainers, proper/structured codebase and regular security audit made on updates. With these high-quality practices the node haven't suffered any critical security vulnerabilities (RCE/Information Disclosures) since then.
Paradoxically with the upward statement, the current trend tends towards abandonment of C++ in favor of language like Rust or Go. For example The Tor Project has been rewriting from scratch their binary in Rust, see Arti. It has been seen already in the monero ecosystem with software such as the COMIT BTC<>XMR Atomic swap, Tari and Serai DEX being written in Rust, ETH-XMR atomic swap implementation of noot being done in Go. Even outside with Ethereum, MobileCoin and ZCash nodes for example (no monero fellas i don't support these cryptocurrencies).
I think we should slowly but surely start exploring the possibility of developping a Rust-written Monero node in the future. That's why I'm proposing this CCS. The goal is to release a report on the different reasons for why we should and why we shouldn't write a Rust written node. In case we would want to, what issues may arise during developpement and what would be the best approach towards it. While also proposing new features/improvements over the current implementation.
Why Rust ?
The primary reason for using Rust against other languages for a rewrite are quite simple:
- Maintenance : Rust is a high-level language with built-in features to organize and structure the codebase for better changes
- Performance : Rust is known for it's low-level performance. When correctly written/optimized a Rust program can perform as fast as it's C++ implementation
- Stability : Rust is extremely annoying with errors, types, pointers and force developpers to write code that doesn't crash. This is often why beginners struggle with Rust, notably with the Borrow Checker.
- Security : Rust is memory-safe, which means that (when using safe code) it can't (it shouldn't) cause memory corruption, after-free bug etc... With static analysis tools like the Borrow Checker, interpreter like Miri and exploit mitigations being enabled in LLVM compilation, we can produce extremely secure binaries and significantly recude risk of exploitation whithout compromising performance.
It's my first CCS and I never talked with the monero community. I was just an observer. I've been developping in Rust small projects for 2 years now and put my energy into security research. I'm actively learning reverse-engineering. Recently some things happened in my life, in bad way as well as good way, and I've now extra times to put effort into. And I decided to help Monero. I believe that if we don't put effort into what we believe or love, we can't make it stand against time. It's called entropy and it even apply to the world of cryptocurrency. Hope you will support my CCS OwO.
I will work 5 hours per day during 10 days, 2~3 weeks. 15€ per hours. The Monero-EUR price is ~160€ (01/30/23)
(5 x 10 x 15)/160 ~ 5 XMR.