Lately, when I look at projects, I don’t dare just listen to the hype in the group anymore; I prefer to honestly open GitHub and glance at the audit reports. To be honest, beginners can’t tell good code from bad, but they can see if it “looks like work”: whether commits are continuous, if someone reviews the changes, and if issues have responses. Don’t just look at the cover line “Audited” in the audit report; I usually flip to the high/medium risk pages to see if it’s actually fixed at the end, and whether they clearly explained how to fix it; if it’s not fixed and they’re still being stubborn, I put it aside first. Upgrading permissions is more straightforward: who signs the multi-sig, how many keys are involved, whether there’s a timelock (giving you reaction time), I’d rather it be slower. Recently, the debate over privacy coins/mixing has been pretty intense; the more they argue, the more I think “who can change the rules and how” is more important than the narrative… I just tried a small 30-dollar transaction first, since I’m not in a rush, and I’ll wait two or three days to see what happens.