It seems like these systems ought to be developed with independent formal verification as a legal requirement. Or maybe that's too naive to dream about?
I've worked with using formal verification systems to secure smart contracts. It's less useful than you would think, for two reasons:
1. It's extremely hard to come up with the correct rules for expected behavior. It's like making a safe wish versus an evil genie. It's also surprisingly easy to make a rule that doesn't check anything, or doesn't check what you think it does.
2. In the areas that deal with the most money, DeFi, there may be thirty programs involved, most of which were not made by you or under your control. Current formal methods can just handle a single program. The common way to handle networks of contracts is to test each in isolation, making assumptions about what the other contracts can do. But it's really easy to make a wrong assumption here.
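The first point above (a rule that passes without checking anything) is concrete enough to show in code. What follows is an added example, not code from the commenter or from any verification tool: a toy vault modelled in Python with exhaustive checking over a constructed state space, plus the two sanity checks a practitioner would run on a spec rule before trusting it. A vacuity check counts how many cases actually satisfied the rule's precondition (zero means nothing was verified), and a mutation check re-runs the rule against a deliberately buggy implementation (here, a withdraw that never debits) to see whether the rule can tell the difference. The names `Vault`, `BuggyVault`, `audit` and the three rules are all assumptions for illustration.

```python
from dataclasses import dataclass
from itertools import product
from typing import Callable, Optional, Tuple

# Constructed, deliberately tiny state space so rules can be checked exhaustively.
USERS = ("alice", "bob")
AMOUNTS = (0, 1, 2, 3)
BALANCES = (0, 1, 2)


class Revert(Exception):
    """Models an EVM revert."""


@dataclass(frozen=True)
class Vault:
    balances: Tuple[int, ...]   # one entry per USERS index, unsigned like a uint
    paused: bool = False

    def _require(self, who: int, amount: int) -> None:
        if self.paused:
            raise Revert("paused")
        if amount == 0:
            raise Revert("zero amount")
        if amount > self.balances[who]:
            raise Revert("insufficient balance")

    def withdraw(self, who: int, amount: int) -> "Vault":
        self._require(who, amount)
        new = list(self.balances)
        new[who] -= amount
        return Vault(tuple(new), self.paused)


class BuggyVault(Vault):
    """Mutant used to test the spec: same reverts, but never debits the balance."""
    def withdraw(self, who: int, amount: int) -> "Vault":
        self._require(who, amount)
        return BuggyVault(self.balances, self.paused)


# A rule is (name, precondition, postcondition); the postcondition sees the state
# before the call, the state after (None if it reverted), and the call arguments.
Pre = Callable[[Vault, int, int], bool]
Post = Callable[[Vault, Optional[Vault], int, int], bool]
Rule = Tuple[str, Pre, Post]


def all_cases():
    for bals in product(BALANCES, repeat=len(USERS)):
        for paused in (False, True):
            for who, amount in product(range(len(USERS)), AMOUNTS):
                yield bals, paused, who, amount


def run(vault: Vault, who: int, amount: int) -> Optional[Vault]:
    try:
        return vault.withdraw(who, amount)
    except Revert:
        return None


def check_rule(rule: Rule, impl=Vault) -> Tuple[bool, int]:
    """Returns (holds, witnesses). holds is False on the first counterexample;
    witnesses counts the cases whose precondition actually applied."""
    _, pre, post = rule
    witnesses = 0
    for bals, paused, who, amount in all_cases():
        before = impl(bals, paused)
        if not pre(before, who, amount):
            continue
        witnesses += 1
        if not post(before, run(before, who, amount), who, amount):
            return False, witnesses
    return True, witnesses


def audit(rule: Rule) -> str:
    """Verdict: counterexample, vacuous (no case reached), weak (mutant survives), ok."""
    holds, witnesses = check_rule(rule, Vault)
    if not holds:
        return "counterexample"
    if witnesses == 0:
        return "vacuous"
    if check_rule(rule, BuggyVault)[0]:
        return "weak"
    return "ok"


def reverts_on_negative_balance() -> Rule:
    # Balances are unsigned, so this precondition is unreachable: nothing is checked.
    return ("reverts_on_negative_balance",
            lambda v, who, a: v.balances[who] < 0,
            lambda v, after, who, a: after is None)


def balance_never_grows() -> Rule:
    # True, but also true of a withdraw that forgets to debit.
    return ("balance_never_grows",
            lambda v, who, a: True,
            lambda v, after, who, a: after is None or after.balances[who] <= v.balances[who])


def withdraw_debits_exactly() -> Rule:
    return ("withdraw_debits_exactly",
            lambda v, who, a: not v.paused and 0 < a <= v.balances[who],
            lambda v, after, who, a: after is not None
                and after.balances[who] == v.balances[who] - a
                and all(after.balances[i] == v.balances[i]
                        for i in range(len(USERS)) if i != who))


if __name__ == "__main__":
    for r in (reverts_on_negative_balance(), balance_never_grows(), withdraw_debits_exactly()):
        print(f"{r[0]:28s} {audit(r)}")
```

All three rules "pass" on the reference vault; only the vacuity count and the mutant separate the one that constrains the accounting from the two that do not. Real tools express the same idea as vacuity reports and sanity rules, and the check scales badly for exactly the reason the second point raises: the mutant has to model what a foreign contract might do, which is where wrong assumptions creep in.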
OK, that makes sense, thanks for the insight! I do still think it would be "helpful" to apply formal methods, even if they don't solve the problem 100%, just like some testing is better than no testing. Better than the current wild west at least, it would seem.
Code is protected as free speech by the US Supreme Court. There’s no legal avenue by which you could prohibit someone from writing and publishing smart contract code.
At best the most you could do is set up a legal barrier to deploying that code to a blockchain. Even then, this is legally iffy, since deploying to a chain simply involves broadcasting a message to the network. Most likely the court would interpret this as a form of published speech protected by the First Amendment.
But even if not, you can still publish the smart contract code on GitHub and say “I sure hope no one outside my jurisdiction or an anonymous address takes this code and puts it on-chain.”
I'm not sure I agree with these points (although these are good insights). There are regulations that apply to code in other domains, like HIPAA/FedRAMP/banking compliance etc, so why cannot they be applied to blockchain providers as well?
You could do that, but it would still be up to the consumer to choose to interact only with those contracts and projects, just like it is now. And the consumer is undiscerning.