Sometimes (not always) some of these attacks can be avoided. I have been reading about this topic for a long time because I am very interested in it. Many of the platforms that have suffered attacks and theft of funds have been for wanting to launch the product as soon as possible. Unfortunately, some developer teams think that it is enough for companies like Certik to audit the code, and that is a serious mistake. I also think it's a mistake that the code is available on sites like Github, for example, some teams have all the code open to the public and that gives attackers an advantage.