How can something both be a dark art with no actual organized space for best practices and also have it be extreme negligence and stupidity for somebody to fail to follow these best practices? I'm not aware of any other area of software engineering where best practices are only just floating around on twitter.
That’s the closest thing to a collection of standard contracts for protocol builders to use that I am aware of. I’m more on the MEV side - I try to profit from protocols rather than build them. So it wasn’t my first thought.