Recently, I’ve been checking whether projects are reliable or not, and I’ve set up a little "don’t jump to conclusions" process for myself: first, I go to look at GitHub, not to see how many stars it has, but to check if updates are ongoing, if there are reviews on changes, and if people are really arguing about bugs in the issues. Then I look at the audit reports, focusing on two sentences: what was discovered and whether it was finally fixed; those that say "Known risk: future upgrades may introduce new risks" are basically meaningless. For multi-signature upgrades, don’t just look at "multi-sig = security," also check how many people, who they are, if there’s a timelock, and whether the logic contract can be changed with one click. (Seeing 2/3 familiar signers makes me start to worry.) Recently, everyone’s been complaining about MEV and fair ordering, but I care more about whether the project clearly explains "who can modify the protocol," because if the validators’ income pressure kicks in, small retail users on-chain will be even more like being run over by a bulldozer. Anyway, I’d rather have slightly lower returns than wake up in the middle of the night to find the contract has been upgraded into another octopus.
