Audit, verify and decide, the 3 golden rules in DeFi (Part III)

What should we analyze?

Now we need to learn to assess other facts that give us extra information about the project itself, so that we can keep identifying scams beyond the programming (technical) side and look at how the project is managed internally in its key functions. To do this, you will have to investigate important aspects that all projects have in common, regardless of the network they belong to:

1. “Governance”: It is important for a project to implement a decentralized governance system where users can participate in decision-making, providing a much safer investment environment. The detail to verify is whether the voting takes place on the chain itself or outside it, as the execution is not the same and even the proposal to be voted on may differ.

2. “Documentation”: Its quality says a lot about a project in every sense. In it, we should check the White Paper, its functionality, and the system used for the creation of smart contracts. It is worth assessing whether these documents only contain general descriptions or whether they have high-quality and detailed technical specifications.

In general, all code published in a repository (GitBook or GitHub) should be clear and concise so that users can easily read it and understand the functionality behind the project. If the code is complex, it could be due to a clear intention on the part of the development team to hide backdoors or other malicious functionality.

3. “The positioning, behavior, and track record of the development team” are vital to understand whether the project is open, flexible, and responsive to a community or problem. Whether it is an open or anonymous team, whether the project includes an open-source software repository, what the development history of the project is, and what experience and reputation the project team members have are, at the very least, the requirements you should apply as a standard.

4. “Social networks”: These show us whether the team are good communicators and whether they frequently post updates about the development, and they generally indicate the state of the project. We can also assess how active their blog, website, or other communication channels are, as well as determine how regularly they communicate. Logically, we should avoid projects that do not provide complete information, ignore questions, or fail to respond to user requests. Also, be cautious of projects that offer strange promotions or make suspicious promises of high profitability.

5. “Uniqueness”: Before investing in a new project, try to understand where the offered performance comes from and what value it brings to the ecosystem, because if it is a copy of a copy and lacks originality, your results will not be original either. Given our understanding of the ecosystem, we should be aware that if there are no innovative ideas behind a project, there should be no reason to invest in it either.

6. “Automation” of certain processes (such as security audits of smart contracts) should be continuous and incentivized to provide a high standard of security to the project as a whole. Avoid flat and static audits in a PDF format. Some protocols are already using AI to create false appearances, so be cautious.

7. Last but not least, look for “additional information” on each protocol you are going to interact with. For example, find out whether it has multi-signature functionality, how many parties belong to this multi-signature, and how many are required to validate the signature and execute a transaction. Another important piece of information is who manages their treasury and how the resources are spent each year.
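
One way to carry out the multi-signature check from point 7, as an added example that is not part of the original article: it decodes the raw return data of two read-only contract calls and reports how many owners exist and how many must sign. It assumes the wallet exposes getOwners() and getThreshold() the way Safe multisig contracts do; the sample data is constructed and the cut-offs used for the findings are illustrative assumptions.

```python
# Added example (not from the article). Assumes the multisig exposes
# getOwners() -> address[] and getThreshold() -> uint256, as Safe contracts do.

def _to_bytes(hex_data):
    return bytes.fromhex(hex_data[2:] if hex_data.startswith("0x") else hex_data)

def decode_uint256(hex_data):
    raw = _to_bytes(hex_data)
    if len(raw) != 32:
        raise ValueError("expected exactly one 32-byte word")
    return int.from_bytes(raw, "big")

def decode_address_array(hex_data):
    """Decode the ABI encoding of a single dynamic address[] return value."""
    raw = _to_bytes(hex_data)
    if len(raw) < 64 or len(raw) % 32:
        raise ValueError("malformed ABI data")
    offset = int.from_bytes(raw[:32], "big")  # position of the array length word
    if offset + 32 > len(raw):
        raise ValueError("array offset out of range")
    count = int.from_bytes(raw[offset:offset + 32], "big")
    start = offset + 32
    if start + 32 * count > len(raw):
        raise ValueError("array is truncated")
    owners = []
    for i in range(count):
        word = raw[start + 32 * i:start + 32 * (i + 1)]
        if any(word[:12]):  # a 20-byte address is left-padded with 12 zero bytes
            raise ValueError("non-zero padding in address word")
        owners.append("0x" + word[12:].hex())
    return owners

def assess_multisig(owners_hex, threshold_hex):
    """Return N, M and heuristic findings (the cut-offs are illustrative)."""
    owners = decode_address_array(owners_hex)
    threshold = decode_uint256(threshold_hex)
    findings = []
    if len(set(owners)) != len(owners):
        findings.append("duplicate owner addresses")
    if threshold == 0 or threshold > len(owners):
        findings.append("threshold outside 1..N")
    elif threshold == 1:
        findings.append("a single signer can execute transactions")
    elif threshold * 2 <= len(owners):
        findings.append("half or fewer of the owners can execute transactions")
    return {"owners": len(owners), "threshold": threshold, "findings": findings}

# Constructed sample data: three placeholder owners with a threshold of 1.
def _word(n):
    return n.to_bytes(32, "big")

SAMPLE_OWNERS_HEX = "0x" + (_word(32) + _word(3) + _word(0xA1) + _word(0xB2) + _word(0xC3)).hex()
SAMPLE_THRESHOLD_HEX = "0x" + _word(1).hex()
```

In practice the two hex strings would come from read-only eth_call requests against the wallet address; the owner list is then worth comparing with the signers the project names in its documentation.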

The analysis of smart contracts can be a complex and technical process. It is advisable to seek the guidance of experts in security and smart contract development to conduct a comprehensive evaluation…….