Standard peer-reviewed libraries for the new world of smart contracts are sorely needed. Hopefully the increased complexity does not increase the gas costs of the contracts too much. I think most devs would trade higher gas costs for a more secure platform to develop on. Anyone who lost funds in the Parity wallet hack would probably agree.
> Hopefully the increased complexity does not increase the gas costs of the contracts too much
It's possible to save gas by pulling in libraries' code into the contracts via the "internal" keyword [0]. This way JUMP will be used instead of DELEGATECALL.
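The two linkage styles mentioned above, as an added illustration (not code from the thread or from any named project); the `Checked` library and `Vault` contract are constructed for this example:

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example library: the same helper in both linkage styles.
library Checked {
    // `internal`: the compiler copies this function's bytecode into every
    // contract that calls it, so the call compiles to a plain JUMP.
    // No separate library deployment and no bytecode linking are needed.
    function addInternal(uint256 a, uint256 b) internal pure returns (uint256) {
        uint256 c = a + b; // 0.8.x reverts on overflow
        require(c >= a, "overflow");
        return c;
    }

    // `public`: the library is deployed once at its own address and callers
    // reach it through DELEGATECALL, which costs more gas per call and makes
    // the caller depend on that deployed library code at run time.
    function addPublic(uint256 a, uint256 b) public pure returns (uint256) {
        uint256 c = a + b;
        require(c >= a, "overflow");
        return c;
    }
}

contract Vault {
    uint256 public total;

    // Compiles to a JUMP into the inlined library code.
    function depositInlined(uint256 amount) external {
        total = Checked.addInternal(total, amount);
    }

    // Compiles to a DELEGATECALL; the compiler leaves a placeholder for the
    // library address that must be filled in when the contract is deployed.
    function depositLinked(uint256 amount) external {
        total = Checked.addPublic(total, amount);
    }
}
```

Comparing the compiled bytecode of the two deposit functions (for example with `solc --opcodes`) shows the JUMP in the first and the DELEGATECALL plus unlinked address placeholder in the second.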
Peer reviewed libraries will definitely help to make the platform more secure. However, the engineers decide whether to use libraries or not. What's needed is more discipline and willingness to raise the overall quality level of smart contracts and DApp development.
Writing software that handles money is different from some random web app, where bugs can be quickly fixed. We see some ICOs using OpenZeppelin [1] for their contracts, using practices like continuous integration and measurement of code coverage. However, we need many more quality-oriented practices, like mutation testing, to become widespread. In the current environment, developers are often more motivated to participate in bug bounties or exploit already deployed code, rather than contribute to the ecosystem/tooling.
Exactly. If a higher level of security and robustness of the platform is not achieved, we will continue to see hacks like the Parity one over and over again.
This is one of the main drivers for building zeppelinOS.
https://www.coindesk.com/30-million-ether-reported-stolen-pa...