When it comes to whether a project is legit or not, I honestly care more about GitHub and audit reports than about candlestick charts… But beginners shouldn’t be fooled by the words “audited.” First, check which version the audit is for and the specific time point—then confirm whether the contract was upgraded afterward and whether the commits match. Next, see whether the problems were truly fixed; don’t just stare at the “resolved” tag—check what the fix PR actually changed.



Upgrading permissions is also crucial: for multi-signature, how many people are involved, what the threshold is, and whether there’s a timelock (the kind that gives everyone time to react). Otherwise, even the best audit can be bypassed if an admin can upgrade the logic with a single click.

Recently, AI Agent and automated trading have been getting a lot of hype. The more on-chain interactions you automate, the more you need to scrutinize authorization and upgrade permissions—don’t treat your wallet like it’s meant to be run as a script… In any case, before I grant authorization, I’ll take another look; I’d rather move a bit slowly.
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments