> If someone logs into their bank and notices that changing the account number in the URL lets them withdraw from other people’s accounts, no court is going to shrug it off and say that it’s the bank’s fault for not being more secure
When you open a bank account, there is an actual contract and regulatory framework that governs how you use the account. A URL parameter is an implementation detail that no more alters the contract than a broken lock on a vault would alter the contract.
But when you interact with a smart contract, the smart contract is the contract. What you are allowed to do is defined by what the smart contract lets you do. You don't need to open an account, agree to T&Cs or sign any other sort of contract to interact with the smart contract.
If the smart contract is not the contract, how would you propose we can determine what the real contract is?
> when you interact with a smart contract, the smart contract is the contract
This is one viewpoint but certainly not the only viewpoint and definitely not the viewpoint of the authors of the contracts in question.
Smart contracts are a novel method of executing contracts, but like all contracts, the parties involved and the contract itself are subject to legal oversight in the relevant jurisdictions.