sudo rm -rf --no-preserve-root /Thought experiment: Let's say a black hat breaks the deposit contract due to a 0-day in the Solidity compiler & drains all ETH balance. Would we agree to re-org? My personal overall conclusion is the deposit contract must become core client functionality & not a contract itself.
makemake 
@pcaversaccio im very much against ISCs, and a precedent was set to not do them after The DAO, but i think an exception would be warranted in this case