When assessing the credibility of a project, I really don’t look at the K-line first; I check GitHub and the audit reports… But beginners shouldn’t be fooled by “number of submissions,” as many are just editing the README for show. More practical is to see: whether the core contracts have had major updates recently, who is reviewing, whether anyone is chasing bugs in the issues and if there are responses. Don’t just look at the words “audited”; focus on the unresolved or accepted risk items, how the project team explains them, and their attitude—these are more valuable than the conclusions.

For multi-signature upgrades, I’m more meticulous: how many signatures, who the signers are, whether there’s a time lock, and ideally, see the on-chain history of operations. Recently, those new L1/L2 projects are incentivizing while pulling TVL; it’s normal for old users to complain about “mining, dumping, and selling.” In short, money comes fast and leaves just as quickly; if upgrade permissions aren’t controlled, it’s even more risky.

What I fear most isn’t losing money, but waking up one day to find the contracts upgraded and the rules changed, and I still think I’m playing the same game. Anyway, even if I’m increasing my position now, I’ll first review permissions and audit reports again—just to ensure I can get out alive.