Recently, I’ve been asked again: what do I think about whether GitHub, audits, and multi-signature upgrades are “reliable”? To put it plainly, beginners shouldn’t try to understand the code all at once. First, look at three things: whether there are really people working on the repository (not just pushing everything at once on the day they issue tokens), whether the audit report writes the risks in plain language and clearly states the “uncovered scope,” and also who holds the upgrade multi-signature and whether they can change the rules at will. If it’s 3/5 multi-signature but all the signers are the project’s own people/insiders, then it’s basically the same as a single-signature… Anyway, I care more about “who can take action” and whether there’s any delay or announcements when they do.



These days, all that heated arguing about privacy coins and compliance for mixing has been going on hard, and I’ve become even more cautious: once risk control/freeze is involved, upgrade permissions are the lifeline. Even if you keep trying to trace the “echoes of liquidation waves” on-chain, you can’t save it.

By the way, I recently scaled down my goal: instead of trying to read through all the materials in one go, I just read one page of the audit conclusions every day plus one multi-signature change record. As a result, I end up sticking with it longer instead. Living through it matters more than looking like you understand it.
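
The "3/5 but all insiders" point above can be checked mechanically. The following is an added example, not part of the original post: it counts how few distinct parties must cooperate to reach a multi-signature threshold and flags a missing execution delay. The signer lists, party labels and the `timelock_hours` field are constructed for illustration, and treating all insiders as one party is an assumption.

```python
from collections import Counter

def min_colluding_parties(signers, threshold):
    """signers maps key label -> controlling party (assumed known from public records).
    Returns the smallest number of distinct parties whose keys reach the threshold,
    or None if the threshold exceeds the number of keys."""
    keys_per_party = sorted(Counter(signers.values()).values(), reverse=True)
    total = 0
    # Greedy: the parties holding the most keys reach the threshold fastest.
    for n, count in enumerate(keys_per_party, start=1):
        total += count
        if total >= threshold:
            return n
    return None

def review_upgrade_control(signers, threshold, timelock_hours):
    """Return (parties_needed, findings) for an upgrade multi-signature setup."""
    parties = min_colluding_parties(signers, threshold)
    findings = []
    if parties is None:
        findings.append("threshold exceeds number of keys")
    elif parties == 1:
        findings.append("one party alone meets the threshold: effectively single-signature")
    if timelock_hours == 0:
        findings.append("no delay between approval and execution")
    return parties, findings

# Constructed sample: 3/5 where every key belongs to the project team.
ALL_INSIDERS = {f"key{i}": "project-team" for i in range(1, 6)}
# Constructed sample: 3/5 where the team holds two keys and three outsiders hold one each.
MIXED = {"key1": "project-team", "key2": "project-team",
         "key3": "auditor", "key4": "community", "key5": "custodian"}

if __name__ == "__main__":
    print(review_upgrade_control(ALL_INSIDERS, 3, 0))
    print(review_upgrade_control(MIXED, 3, 48))
```
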