When I’ve been reviewing projects lately, I go with the “coffee three-piece set”: GitHub, audit reports, and multi-sig upgrades.



On GitHub, I don’t care how many lines you’ve written; mainly, I look at whether people are consistently doing real work, whether issues/PRs are being answered seriously, and whether fixes are quick when something goes wrong. As for the kind that’s lively for a week and then it’s all “next time for sure” afterward—I’m going to let that cool off first.

For audit reports, don’t just stare at the logo either. Flip through and check whether serious issues were truly addressed, whether there’s a second confirmation after the fixes. A lot of reports, honestly, are just saying, “That version was fine at the time.”

Multi-sig upgrades are even more critical: can you see who is signing in a timely way, what kind/how many keys are required, and whether there are delays or “escape pods”? Don’t have me wake up one day to find the contract changed while I’m still dreaming about being an LP.

Also, let me vent a bit—recently, the tagging system of on-chain data tools has been criticized for lagging, and I totally understand that… In any case, I treat tags as a reference now, not the truth.

Yeah, I still believe: a team that takes security and transparency seriously will ultimately be worth a little more.