According to code is law theory, you can do anything wit the codes, you can explore the bugs without being arrested.
No, "code is law" is a specific property of smart contracts, when the code, and only the code, is the contract.
Most, not to say, all, other code running is not a contract, and is supposed to implement intend, can hence contain bugs and exploits (= deviations from intend).
The funny thing is that the people crying about the absurd concept of "code is law" are the ETH guys, who were in fact promoting ETH because.... it proposed smart contracts and "code is law". Nowhere else, code is law. Not even the Ethereum or bitcoin system. There, code is trying to implement intend (of white paper protocol), like everywhere else.
It is hugely, mightily, ironic and funny that people crying "thief", "bug", "exploit", are the ONLY ONES that were touting "code is law" as the superior property of their baby, ethereum ! Nobody else in his right mind was ever considering "code is law".
On the other hand, a 51% attack on a block chain is also a rightful thing to do in a certain respect, because a block chain is supposed to be an emergent property of mutually antagonistic entities. The theory is that the emerging block chain will be immutable and respect the protocol, but that's nothing else but a hope for an emergent property. A 51% attack is nothing else but that hope failing. But a 51% attack is perfectly "legit" in the framework of block chains, as the goal of such a system is that every agent in the system tries to rip off every other agent. If some succeed, that's their good "right". A block chain is simply postulated to be the right thing that emerges from a war zone. If that theory fails (the "51% attack") that's a pity, but not unlegit in a war zone.