[finfinfin]

That’s not exactly the same. How can a user tell who and when (i.e. which version of an upgradeable contract) has reviewed this particular contract? Linux core has a long history and a ton of processes around introducing changes. When I visit a crowdfunding web3 website there is none of that.

[prohobo]

People are working on auditing services for smart contracts and web3 apps, but it's slow going.

Considering the behavior of the current community I totally understand your skepticism toward the technology itself. It hasn't really proven itself useful or safe for anything but a few use cases, and the only thing it really has going for it is the theory and the core development. Fixes and new features are slowly being added to the tech to make trustless services possible.

The criticism that web3 - even if it did work properly - turns literally everything into a token-based speculative market is accurate. I think it's an emergent property of the technology that isn't good for anyone, and it's bad enough that it might be worth ditching completely.

[TimJRobinson]

The contracts are immutable once deployed. There are proxy contracts that allow for upgrading but the highest quality teams usually fix them after a while to guarantee they won't change. The sites are often all on IPFS to also have hashed content, or are open source so you can run the frontend yourself.