With audits, the question is not “yes” or “no”; the question is how many audits ;)
Audits don’t guarantee anything, but they are a must-have practice. There are a lot of audit companies that love to do them for a big budget.
Audits + active monitoring
Surprise, surprise: you need an external active monitoring service for your smart contracts. There are many such services: Defender, Forta, Tenderly, etc. Of course, you can run your own. But what about decentralization? The whole concept of web3 is broken: your smart contract is controlled by an external centralized “defence” service.
Solution: don’t use hackable tech
An embedded blockchain protocol/layer for any dapp. Don’t use external protocols you can’t control and fix; use your own. It sounds difficult, but it actually isn’t.
Some libs/sdks that can be used
WebRTC, libp2p, Tendermint, Substrate
Some external talks
// in progress..