So far the limitation has not been money but the availability and skill of reviewers.
Even for us, willing to spend money, we have been waiting for a period of time to get near/core-contracts (GitHub: Core contracts: reference staking pool, lockup, voting, whitelist, multisig) reviewed. It's especially hard when new versions keep coming.
I think having better practices around secure releases is for sure an important part.
One of the important parts is figuring out how to roll out updates which are fixing other problems, making sure there is still a rigorous review and testing process involved in that case.
Separately, I have suggested creating a sandbox environment that would prevent major issues via a set of maintained invariants: [Discussion] Smart Contract Container.
I think this can lower the barriers to trying things when the risks are low. This can also be used for a period of time after an upgrade to limit potential issues that the upgrade has brought.
Meanwhile, we are definitely looking for more reviewers to bring into the ecosystem.
The question to @peterflux is really who will be sourcing and coordinating reviewers in the proposed DAO? For example, for DeFi, Proximity Labs is already doing this.
Also, if you are suggesting that it's only reviewed by already existing core developers - they are already doing that. @evgenykuzyakov has been doing that for a long time now. And they are paid for that by the company they are working for. Creating an extra incentive like this, albeit it may theoretically sound good, creates extra problems IMO. Also, they are not professional reviewers, and so the resulting reviews are not as structured as one would expect from an audit firm.
So I would really prefer that we are able to bring more reviewers into the NEAR ecosystem with an initiative like this. We have been exploring various ways to do this already.