At this point, alot of this stuff floats around Twitter and substack. It's still a bit of a dark art. If you'd like to read some stuff about MEV, start here:
You can go pretty far down the rabbit hole on crypto twitter.
This was also a cool event, there is 7 hours of video and slides, which have more of the kind of info I think you're looking for...discussions about protocol flaws and design etc.
How can something both be a dark art with no actual organized space for best practices and also have it be extreme negligence and stupidity for somebody to fail to follow these best practices? I'm not aware of any other area of software engineering where best practices are only just floating around on twitter.
That’s the closest thing to a collection of standard contracts for protocol builders to use that I am aware of. I’m more on the MEV side - I try to profit from protocols rather than build them. So it wasn’t my first thought.