Existing vulnerabilities in smart contracts
Vulnerabilities in smart contract have the potential to be very serious. Given that the smart contracts are placed on the blockchain, any party is able to inspect the smart contract for vulnerabilities and then exploit the resulting flaws. Further, once deployed, most of the smart contracts are not able to be updated meaning that flaws are irrevocable. Since the smart contract is likely to manage actual financial assets, people have a direct financial motive for attacking the smart contract.
The most well-known attack against a smart contract was the DAO attack in which an attacker managed to steal almost $50M before being detected. This attack was only reversed following a very controversial fork of the Ethereum blockchain. This attack was the result of a simple (and indeed well-known) programming flaw in the smart contract itself.
The need for formal verification of smart contracts has been widely recognised over the past two years and there has been some initial work done in this area.