This has been discussed in the DFS TZIP where some attempts at keeping backward compatibility have been proposed. Unfortunately they lead to complex hybrid models that are very hard to reason about. There are two distinctions to make regarding this question. The first distinction is between contracts already on the chain versus the contracts that are not yet originated but will be if and when Florence activates. The second distinction is the one you make between “break” and “make vulnerable”.
- Breaking existing contracts: to detect possible contract breakage, we have compared for all the Delphi blocks the context hash when the block is applied using BFS and DFS. For all but one (BLHP5v9BVscaM4mocunVN6C3jALi56JiWXHpZhBQKPmKnxZctk7) block, the hash was the same. The problematic operation is at the very end of the block; it is a call to Dexter where wXTZ tokens are sold and the tez received in exchange for them are immediately locked in a wXTZ oven. So moving from BFS to DFS seems to break Dexter but no other existing contract. During the recent reboot of Dexter, the script was changed to make it more independent of the execution order (by forbidding complex interaction patterns like this one).
- Making existing contracts vulnerable: BFS and DFS offer different atomicity guarantees, so in theory it is possible that some smart contracts rely on the BFS order of execution for their security. This seems rather unlikely in practice because reasoning in the BFS model is not very intuitive (see this thread in particular). Unfortunately, this is also very hard to test. If you have examples of applications that may depend on the BFS order for their security, please share!
- Breaking or making new contracts vulnerable: We have no crystal ball, so even if we assume that Florence is accepted by the community, we cannot tell what contracts will be on chain in two months when it activates. The best we can do regarding the contracts of the near future is to warn the community of smart contract developers that a change in the order of application of internal operations has been proposed, so we strongly recommend either originating contracts that work and are safe in both DFS and BFS contexts or waiting for the decision of the community regarding this point. So thank you very much for having started this discussion!
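
The BFS/DFS comparison described above, as an added example that is not part of the original post: a toy interpreter applies the same call under both orders and compares a hash of the final state, in the spirit of the context-hash comparison. The contracts `root`, `seller`, `payout` and `locker` and the state layout are constructed for illustration and do not model Dexter or the wXTZ code.

```python
import hashlib
from collections import deque

# Constructed toy contracts (hypothetical names). Each handler mutates
# `state` and returns the internal operations it emits, as contract names.
def root(state):
    return ["seller", "locker"]

def seller(state):
    return ["payout"]            # payment arrives as an internal operation

def payout(state):
    state["wallet"] += 10
    return []

def locker(state):
    # Locks whatever the wallet holds at the moment this operation runs.
    state["locked"] += state["wallet"]
    state["wallet"] = 0
    return []

CONTRACTS = {"root": root, "seller": seller, "payout": payout, "locker": locker}

def run(entry, order):
    """Apply `entry` and its internal operations in 'bfs' or 'dfs' order.
    Returns (execution trace, final state, hash of the final state)."""
    state = {"wallet": 0, "locked": 0}
    pending = deque([entry])
    trace = []
    while pending:
        name = pending.popleft()
        trace.append(name)
        emitted = CONTRACTS[name](state)
        if order == "bfs":
            pending.extend(emitted)                # wait behind siblings
        else:
            pending.extendleft(reversed(emitted))  # run before siblings
    digest = hashlib.sha256(repr(sorted(state.items())).encode()).hexdigest()
    return trace, state, digest

def order_dependent(entry):
    """True when BFS and DFS application end in different states."""
    return run(entry, "bfs")[2] != run(entry, "dfs")[2]

if __name__ == "__main__":
    for order in ("bfs", "dfs"):
        trace, state, _ = run("root", order)
        print(order, trace, state)
    print("order dependent:", order_dependent("root"))
```

A contract that is safe in both contexts, as recommended above, is one for which this kind of differential run produces the same final state for every call pattern it permits.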