Trust with closed source updatable contracts

Hello, I’m new to EOSIO development. I have previous experience with Ethereum and many doubts about the differences I’m encountering.

Why are most DeFi (and non-DeFi) EOS contracts closed source? How can users trust DeFi contracts with their funds if they don’t know what is actually happening there?

Regarding the updatable contracts feature, what prevents the account owner from updating the contract with a new function to rug all the funds? I saw that some DeFi contracts have some multisig setup, but it still looks quite dangerous. Could burning the keys be an option for security (losing upgradeability), or are there other best practices?

I might be missing something here, but is it really a good feature for smart contracts to be upgradeable (especially in DeFi), or could it actually be more of a problem than a feature for users’ security?

Could those points be part of the reason why EOS DeFi isn’t really taking off? From my current understanding, I wouldn’t trust my funds with the current DeFi dapps, considering the doubts above.

You can use the burn key on active and owner, which makes them immutable. About closed “dapps”? Avoid when possible. Better projects would replace them.
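As an added example (not code from the thread or any EOS project), here is a check a user can run over the JSON that `cleos get account <name> -j` returns, to see whether a contract account’s `owner` and `active` permissions have been burned to the well-known EOSIO null key or are still satisfiable by keys or other accounts (a multisig). The sample account records below are constructed; `dev1`/`dev2` and the non-null key string are placeholders.

```python
import json

# Well-known EOSIO "null" public key: no private key exists for it.
NULL_KEY = "EOS1111111111111111111111111111111114T1Vfj"


def classify_permission(required_auth):
    """Classify one permission's required_auth block from get_account output."""
    threshold = required_auth.get("threshold", 0)
    keys = required_auth.get("keys", [])
    accounts = required_auth.get("accounts", [])
    waits = required_auth.get("waits", [])
    live_keys = [k for k in keys if k["key"] != NULL_KEY]
    if keys and not live_keys and not accounts and not waits:
        return "burned"  # only the null key can "sign": nobody can satisfy this
    # Weight reachable without the null key; below threshold means unsatisfiable.
    usable = (sum(k["weight"] for k in live_keys)
              + sum(a["weight"] for a in accounts)
              + sum(w["weight"] for w in waits))
    if usable < threshold:
        return "unsatisfiable"
    if accounts:
        # Delegated to other accounts' permissions (multisig-style). This check does
        # not recurse into those accounts, so they may themselves be burned or not.
        return "multisig"
    return "key-controlled"


def audit_account(account_json):
    """Return {perm_name: classification} for the owner and active permissions."""
    return {p["perm_name"]: classify_permission(p["required_auth"])
            for p in account_json["permissions"]
            if p["perm_name"] in ("owner", "active")}


def is_immutable(account_json):
    """setcode needs active (or its parent owner), so both must be unsatisfiable."""
    verdicts = audit_account(account_json)
    return all(verdicts.get(p) in ("burned", "unsatisfiable") for p in ("owner", "active"))


# Constructed samples in the shape of `cleos get account <name> -j` output.
_null_auth = {"threshold": 1, "keys": [{"key": NULL_KEY, "weight": 1}], "accounts": [], "waits": []}
BURNED_ACCOUNT = {"permissions": [
    {"perm_name": "active", "parent": "owner", "required_auth": _null_auth},
    {"perm_name": "owner", "parent": "", "required_auth": _null_auth}]}
UPGRADABLE_ACCOUNT = json.loads('''{"permissions": [
    {"perm_name": "active", "parent": "owner", "required_auth": {"threshold": 2, "keys": [],
     "accounts": [{"permission": {"actor": "dev1", "permission": "active"}, "weight": 1},
                  {"permission": {"actor": "dev2", "permission": "active"}, "weight": 1}], "waits": []}},
    {"perm_name": "owner", "parent": "", "required_auth": {"threshold": 1,
     "keys": [{"key": "EOS_PLACEHOLDER_OWNER_KEY", "weight": 1}], "accounts": [], "waits": []}}]}''')
```

Pipe real output in with `json.load(sys.stdin)` and feed it to `audit_account`; a `multisig` verdict tells you which signers to inspect next.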

Just play with a small amount of money