why?

they're new and built in novel ways. we're still learning how to build them in safe ways.

sure, but uber is new and we don't hear stories of super-hacker uber drivers who learn to game the algorithm. there must be something more fundamental at play here.

smart contracts are often open source. i don't know of any other financial software like this.

almost every meaningful piece of software infrastructure is open source. what about immutability?

it's actually simple to do a software upgrade on a smart contract, the hard part is deciding when to do it.

why is deciding when to do an upgrade harder?

it's a cultural thing. whoever has the upgrade keys has the keys to the castle. in cefi they're held by the bank and the government's monopoly on violence.

hmmm

in real defi, the holder of those keys is a DAO..

let's return to the original question: is there something fundamental about defi that makes it less secure than cefi?

my thesis is: the reason we don't see large cefi hacks is because those institutions have very finely tuned finality for their transactions. by slowing down transactions, and making merchants take on the risk, banks are infinitely secure so long as they can _detect_ problems in the 24+ hour window before they finalize. if a problem is stopped before it finalizes, did it really happen?

we could easily approximate this sort of slow finality into blockchains. for what i think are cultural reasons, we don't.

i raise: the Axie Infinity hack

F

F

anyway, for cultural reasons i think blockchain-minded people reject slow finality because it goes against the whole "my private key my coins" zeitgeist. if your transaction can be canceled, it can be censored.