Gold is immune to unauthorized “money creation”. Fiat currency creation usually requires approval by multiple government agencies on behalf of voters.

Every new bccy creator promises a hard limit on the amount of the new currency. Investors and users of this currency would suffer if there’s any dilution as happens in start-up stock options.

However, is there any audit, any checks-n-balances on this hard limit? I think it’s quite possible for the programmer to cheat the system and create some new coins for herself.

An unauthorized creation sounds like fraud, but is actually subject to interpretation. The legal contracts might be phrased in a way to give the issuing company some leeway. Some leeway to adjust the money printing machine. So someone could argue that the unauthorized creation is harmful, unfair to the investors/users, but technically not unauthorized. Off the hook.

A security hole is more likely negligence [coding error, insufficient test coverage…], rather than deliberate. If one security hole is uncovered, the people responsible are seldom punished. “Honest mistake… No one is perfect.” The team does a quick scan of similar holes, and usually fail to uncover the other holes 🙁

How good is a “veteran” system auditor?

• Remember how you interview a tech candidate? You give her the benefit of the doubt if she looks decent.
• Remember how we validate the IMPACT changes? It took 10 minutes. If I miss something hidden, it’s not my fault as I’m not perfect.
• Remember lockfree algorithms? These algorithms are so hard to reason that 98% of published solutions are flawed.
• If you need to read the source code to find flaws (white-box audit, or peer-review), it’s too hard and too time-consuming
• If you rely on tests (blackbox audit), then how good is your test coverage? Do you know all the scenarios?

Therefore, I think we really need to rely on trust, reputation, integrity/motivation of the developers. There’s no effective checks and balances to their power. I kinda know it from experience as a developer.