Jul 21, 2017 · 1 min read
Code review is simply not a strong enough verification technique for smart contracts. As the author suggests, there is a culture clash between the permissive, largely low-consequence world of most web, game and general application development, and the hostile, threat-ridden world of smart contract development. What the latter needs is at least the sort of fairly rigorous, if not formal, analysis techniques used in the best security products, but at a scale that has never been done before, and for which only a tiny percentage of all professional developers are competent in. The difficulty of achieving the required level of security and accuracy is an existential threat to smart contract schemes in general, not just Ethereum.
