[dvcc]

Can someone explain how immutable contracts get updated? From what I understand you can have one contract forward requests to another, and you can use some storage in the forwarding contract to determine the real target contract. But why would someone participate in a contract that is mutable?

I guess I am just wondering how this contract can be updated, given its on the blockchain and considered immutable.

[pimeys]

There are architectural ways as you said, but basically you don't update them. You know the possible bugs, you document the contract, methods and your process early on, you write tons of tests, use auditing tools, do code review with the team, hire somebody to audit your code, test it with bounties, implement emergency stops and speed bumps and some proper monitoring.

When it's about your money, you should be able to do all that.

And yes, Solidity is pretty horrible. I hope there will be better options such as Idris in the future.

[jeeceebees]

The contract code is immutable. The code that you agree to can be pretty complicated though and might not do exactly what you think it does.

In this case, by some stupid mistake the contract allowed anyone at all to change who was considered an owner of a wallet.

The code wasn't changed; one of the functions it specified was used to change a variable.