This reminds me of the Toyota Prius (and other models') un-commanded acceleration problem. Should car buyers examine Toyota's code, or should they assume that the gas and brake pedals work as expected?
It's not reasonable to expect software users (even other developer users) to understand or audit code in order to be able to use software -- for anything.
Yes, but not in the case of smart contracts, which is the point. The Prius's source is not open and cannot be audited, and it is definitely installed by Toyota. So Toyota is responsible. Smart contracts have none of this.
They are open source by definition and no one knows, by definition, who deployed them. It is a very different case.
Sigh. If this were the case, all open source is doomed. You are responsible if you deploy/offer it, not if you only wrote it. And the point is, in smart contracts, you will not normally know who deployed it.
If you put on GitHub
Return x>0;
And I deploy this in a production environment that kills people with heart rate over 0, do you have any responsibility? No of course not. I do. You have none.
In short: if you put money into something like smart contracts, the only thing you have, and that is literally the intention of the pundits, is that you check the contracts and trust or not trust them. I do not know how this crosses over to other software that has different properties in this thread. That is not relevant. There is no one to sue or say they did a bad job here: you will not know. That is baked in.
As a career developer of more than 30 years, I still take the viewpoint that the person who wrote the code and/or approved it (both = developers) is 100% responsible for all bugs.
As I mentioned earlier in this thread, there is no such thing as bug-free software (even for devices that kill people, as you point out), because bug-free software is categorically impossible within comp sci.
Knowing this comes with great responsibility, even more so when dealing with life... or finances. The developers of this software, as is the case with Solidity and smart contracts in general, have forgone this responsibility.
Another egregious failing of all crypto schemes which I'm compelled to point out is that they fail to use any of their enormous profits to actually fix bugs.
When I was a mainframe developer at IBM, the company spent millions of dollars (taken from clients, of course) to find and fix bugs. They paid people good money, including yours truly, for that work.
Today's crypto companies have no such ethics. They (Mr. Buterin, I'm looking at you) have no compunctions after profiting windfalls from their software inventions to actually invest in debugging or fix distribution (or even real error reporting) for the customers. Likewise, they ignore all the UI aspects (and problems) that their inventions have birthed.
This is not responsible software development. It leads to problems like IRON and others in the crypto space. As I said, it is the exact opposite of how, historically, important enterprise software development is done.
It's only for selfish reasons (= money hoarding) that crypto projects don't hire the best auditors and coders in the world to fix their code. They can certainly afford them.
Seems we are similar ages: I am 30+ years into commercial dev as well. I started with the Dijkstra school of development (under pupils of Dijkstra, of whom my father is one) and found that this is not helping. I like it, but more intellectually than anything else. I went more the Arthur Whitney way of practical computing without waste.
I vehemently disagree that just writing code makes you responsible for its use. We are so bad at writing good code that all programmers would be living on the streets or in jail. And that is not malice, just how little we understand or underestimate complexity. Which becomes apparent if you indeed try to create some formal proof and give up after 30 pages.
I also believe your last statement does not recognize the vast issue there is with the smart contract world: I am more of the school of Erlang/OTP: just let it crash these days. If you cannot correct a state, we cannot write software for it. No matter the proofs and auditing. If we cannot correct an erroneous state, we are not capable of writing software in that system. And that is smart contracts. Not spacecraft, where we often can upload a patch and steer the other way, not cars, where we detect a deviation and correct it. Smart contracts are: if it's done it is irreversible, and there are no programmers, provers or auditors who can predict or prevent that. Rollback must exist or this all will go to shit. Which is what will happen.
Edit: I actually do not believe cryptocurrencies have a chance unless there is rollback (something like refunds without merchant consent). I just cannot see what rollback means in this context: I read papers with sci-fi type stories about how this would work, but it does not mesh with cryptocurrency obviously otherwise.
While we disagree on who is responsible for code, I do think we are saying the same thing about cryptos. If you can't fix software later, you're doomed because it all has problems.
Likewise, humans make mistakes in transactions and if they can't be undone... problems.
EDIT: I should clarify that I don't believe software authors are responsible for use, but rather for bugs.
I'm not saying most transactions are wrong, but some are. So transactions may need to be corrected, just like code. And, in practice, they often are.
In practice, software companies take responsibility for bugs in three ways today, based on their business model.
Old line companies like IBM paid millions of dollars for people and tools to find and fix bugs and to distribute the fixes to customers. IBM did not wait for you to tell them you had a bug. Their system could tell you if you had a bug that someone else reported. And IBM would ship you a custom tape which fixed that bug and didn't break the rest of your software. Let's call that The Gold Standard. With money, it's certainly possible.
Option 2 is a company like Red Hat. Unironically, IBM bought Red Hat. The reason is that, while open source gives you the option to look at the code, most companies don't really want to do that. In other words, Ford could make a lot more money focusing on making cars than they can by hiring people to find and fix bugs in (free) Linux software. Voila! Red Hat offers bug fixing and finding (and a plethora of other things enterprise customers don't want to set up) for a hefty subscription fee. Red Hat has many service offerings in the $10,000/month+ range. Once again, if you pay people, you can find and fix bugs.
Finally, option 3 is a company like Google. They don't really care if anyone else can get open source software to work. But... and this is a big but... they need it to work for themselves. Having built a very lucrative empire on open source (Android, for example), Google cannot afford to wait for "the community" to find and fix bugs. They must pay people and they must pay them well. And, this they do. So while the free open source isn't directly monetized by Google, it's worth their while to pay to keep it up to date and correct. Other companies like Netflix do the same thing.
So there are three ways you can do it today.
What irks me about projects like Ethereum is that, having all these real world models out there, its founder doesn't seem interested in finding or fixing bugs at all. He is relying on "the community" (we know that doesn't work, see #3) and not spending any of his own money on debugging or fixes. In all the real cases where you want fixes to happen (and you want CI/CD to get them to customers), "you", being the publisher or heavy user of such software, must pay.
That's what I mean about responsibility. It's where the buck stops.
I think we are in agreement and the implementations that can fulfil it, so what remains is: how can you find the person or group responsible for fixing or getting sued in blockchain land? I can put some malicious code on the eth chain: how will you find it was me? And that is with intent.
But we agree and I will reiterate: without rollback, current human coders cannot write reliable software. So in its current state, smart contracts are a utopia and no one should trust them, with or without code audit. But if you still want to play a lottery of humanity vs complexity, read the code, think hard and put or not put your money. If you put your money, do not whine after you lost it. You might as well shout at your toilet for the same end result.