RT @SarahJamieLewis: SpankChain had a smart contract bug which allowed an attacker to steal ~$38k worth of ETH. Had previously decided $50k audit was too expensive
1) That's actually not bad risk management
2) I should be reviewing smart contracts on the side. https://t.co/oArroSFHR4
An audit doesn't prove it will be unhackable, only reduce the chances. You have to consider the cost of doing the audit and then potentially still being hacked. Since an audit can cost more than the contract holds they went with just insuring the risk with their own money.
No, this is simply wrong.
There are more bugs lurking, and complex contracts ALWAYS have to be audited. I haven't participated in any audit so far where we haven't discovered at least a "major" bug, which means that it hinders the function of the contract or in the worst case, can cause the loss of funds.
Bugs happen, and this is totally okay. But you need to audit your smart contracts.
It sure does, but contracts can get adapted, code copy-pasted etc. etc. So the sum in question might actually be higher.
Also, the damage to their reputation isn't included, neither is the resulting downtime and what they lose in terms of business and customers during that time.