For my kind of “instant noodle” leveraged setup with add-ons, the thing I fear most isn’t losing money—it’s getting involved in projects that “look busy and lively but nobody really manages”… Recently, I’ve been watching the L2s start competing again on TPS, fees, and subsidies. They can talk a big game, but what I care about more now is a down-to-earth method: whether GitHub, audit reports, and upgraded multi-signatures are actually reliable.

As for GitHub, I don’t look at the fine-grained code details (even if I did, I wouldn’t understand); I just check whether “real people” are maintaining it: are commits consistent, are issues being answered, and are important changes explained—not some burst of commits and then it just sinks. Don’t put blind faith in audit reports either: having a report doesn’t mean there are no traps. I’ll look to see whether the scope is clearly stated, whether there are any high-risk items, whether issues have been fixed, and whether the fixes have any follow-up verification. Upgrading multi-signatures is even more straightforward: how many people sign, whether it’s the same group of people, whether there’s a timelock/delay—can someone change the contract overnight and bury everyone… In plain terms, it’s about breaking “trust” into several habits you can check. Over the long run, your head cools down a bit; otherwise, my emotions are far too easy to get burned.