It’s not possible to write a “formal specification for every possible issue in computer software” I agree. But it is totally possible to write a guideline that describes 10 main principles of secure software development that if violated will inevitably result in the lost funds for the end user.
I’m not saying “we can solve all security problems with this proposal”.
I’m saying “we can prevent the most obvious issues with this proposal and save a lot of end users funds”.