My specific business? Hard to say because it changes every week as there is really just that much to build
If people find getting into interest bearing products to be complicated, then you would create a contract to make it less complicated.
Pooltogether.com is an example of something people like, I didnt write that. It just gives people a chance of earning more interest than they could alone, at the expense of earning no interest in the mean time. They bill it as a “no-loss lottery”, while it is really just helping people deposit into other onchain financial services. It is analogous to many people depositing into a single savings account to earn more interest than they could as an individual, and only one person getting paid all of the interest. So some people like doing that because their alternatives are non-existent.
You can make a competitor to that or something slightly different and get people using it.
With all due respect, I think you're off on point C. There are a plenty of vulnerabilities as a result of code issues.
Look at the great work that Trail Of Bits (no affiliation) has done in this space and you will see some great examples. There are a few folks that do solid audits, thought you are right there's no guarantee and it's expensive.
As to your point that user's don't care, I think that's the real answer, and it's a shame. Do you think the user base is not technical enough to care?
Sure, so first what I avoided saying is that plenty of code has intentional or unintentional backdoors and nobody can ever tell the difference of intent if those backdoors get used. It is a sad and risky part of the space for the users, but doesn't undermine any point I made about how the developer makes money. It does undermine how comfortable a publicly facing developer would want to be. Even if the developer does get vilified publicly and professionally or actually incurs some legal liability, they can still just change aliases or release more autonomous code under a new pseudonym. Either way it really amplifies their - or some other developer's - earning potential. And users can also buy third party insurance (which is its own sector and has its own growth challenges).
Secondly, another thing I was alluding to is that you can just copy working code. You can deploy the exact same service as someone else and compete directly. Too many developers think they need uniqueness, which may have been true in the "I can only get recognition from VCs to make real money" world. DeFi development is analogous to launching a grocery store offering slightly different brands. The code you copied from having already been audited.
Third, everything I wrote before was assuming no malicious intent. So if we are copying code for the most part, it moves the vulnerabilities to the closed source oracles and the behavior of the oracle's sources of data.
I'm always open to having this conversation, in general top level hackernews has not been ready for that conversation and they want to debate largely irrelevant things about their feelings over blockchain, as opposed to the state of various sectors in the space that they aren't aware of. So leading with nuanced discussion would hurt the visibility of what I actually have to contribute.
