If anyone trusts a Rails app for real money, they're an idiot. Homakov made his report today and they'll patch these bugs, but did he get them all? What about new code that is written? Will he watch every commit made in the future? Or the deployment environment? What about code that was out of scope for this assessment?
An audit report like this does not make a secure app. And Rails does not lend itself to one either. Without any mitigating controls, all it takes is one bug and you lose all your bitcoins...
Yunbi Exchange - A crypto-currency exchange funded by BitFundPE
One World Coin
MarsX.io - Australian Cryptocurrency Exchange
Bitspark - Bitcoin Exchange in Hong Kong
Yes-BTC - Bitcoin Exchange in Taiwan
Mulcoin.com
ecoinz.info (Launch soon) - New Zealand Cryptocurrency Exchange