> How are users supposed to learn what is the right smart contract to begin with?
That's the definition of due diligence. It's not one thing and the specifics of what's involved vary depending upon the investment. At the end of the day, the onus is upon the user to determine if it's a fraud.
Being difficult or down right impossible for a non-technical person to audit a contract address or the contract code itself isn't a license for users to ignore that risk. It means they're accepting it in its entirety. Or they can defer to a trusted third party to make that determination for them. But even then, they're still on the hook for trusting that third party.
Is this not the same problem when interacting with any other site? There is nothing stopping people from navigating to faecbook.com and entering their account details. At some point there is a bare minimum literacy expected of users.
As to how they would know if it's the real smart contract: they would see what it was via their wallet after interacting with it the first time.
Proving the correctness of a program is a famously hard CS problem, not “bare minimum literacy”.
> As to how they would know if it's the real smart contract: they would see what it was via their wallet after interacting with it the first time.
In other words, the system is not safe to use. People will reliably be fooled into thinking that they're interacting with someone else — the difference is that if you go to amaz0n.com and enter your credit card info, your liability is capped at a low amount and will likely be zero because the regulated financial industry has a fraud handling mechanism better than “the people who profited from you buying their tokens will mock you for being phished”.
