> Hopefully the increased complexity does not increase the gas costs of the contracts too much
It's possible to save gas by pulling in libraries' code into the contracts via the "internal" keyword [0]. This way JUMP will be used instead of DELEGATECALL.
Peer-reviewed libraries will definitely help to make the platform more secure. However, the engineers decide whether to use libraries or not. What's needed is more discipline and willingness to raise the overall quality level of smart contracts and DApp development.
Writing software that handles money is different from some random web app, where bugs can be quickly fixed. We see some ICOs using OpenZeppelin [1] for their contracts, using practices like continuous integration and measurement of code coverage. However, we need many more quality-oriented practices, like mutation testing, to become widespread. In the current environment, developers are often more motivated to participate in bug bounties or exploit already deployed code, rather than contribute to the ecosystem/tooling.
[0] http://solidity.readthedocs.io/en/develop/contracts.html#lib...
[1] https://medium.com/@bocytko/would-you-trust-your-money-to-a-...
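
The two library call styles mentioned in the comment above, side by side, as an added example that is not part of the original comment or of any project it cites. The `Ledger` library, the `Vault` contract and all function names are hypothetical, and Solidity 0.8 is assumed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed example: library, contract and function names are hypothetical.
library Ledger {
    // internal: compiled into the bytecode of every contract that calls it
    // and reached with a JUMP. Nothing to deploy or link separately.
    function creditInlined(
        mapping(address => uint256) storage balances,
        address who,
        uint256 amount,
        uint256 cap
    ) internal {
        uint256 updated = balances[who] + amount; // checked arithmetic in 0.8+
        require(updated <= cap, "cap exceeded");
        balances[who] = updated;
    }

    // public: the code stays in the separately deployed library. The caller
    // reaches it with DELEGATECALL at an address linked in at deploy time,
    // and the library code then runs against the caller's storage.
    function creditLinked(
        mapping(address => uint256) storage balances,
        address who,
        uint256 amount,
        uint256 cap
    ) public {
        creditInlined(balances, who, amount, cap);
    }
}

contract Vault {
    uint256 public constant CAP = 1000 ether;
    mapping(address => uint256) public balances;

    // JUMP into code that is part of Vault's own bytecode.
    function depositInlined() external payable {
        Ledger.creditInlined(balances, msg.sender, msg.value, CAP);
    }

    // DELEGATECALL into the linked Ledger library.
    function depositLinked() external payable {
        Ledger.creditLinked(balances, msg.sender, msg.value, CAP);
    }
}
```

With the internal form, the reviewed library code is part of the audited contract bytecode; with the public form, the linked library address also has to be verified, since its code executes with write access to the caller's storage.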