I’m currently looking at the project “Trustworthy or Not,” and instead of starting with the narrative, I check two things first: the GitHub and the audit report. GitHub isn’t about whether it has enough stars. I look to see whether updates follow a pattern, whether bug fixes are being reviewed by others, and whether key changes are explained. If a project hasn’t been touched for half a year and then suddenly makes a big overhaul, I’ll have a question mark in my mind. The same goes for audits—I don’t think “having an audit” automatically means security. What I care more about is whether the issue checklist has truly been fixed, and whether the upgrade logic has been clearly laid out.

I also put a lot of emphasis on multi-signature upgrades: who the signers are, whether they’re decentralized, how many signatures are required, and whether there’s a timelock (giving everyone time to react)… in plain terms, whether they can “suddenly change the rules.” Lately, hardware wallets have been out of stock, and phishing links are everywhere. I’d rather keep my money under rules that I can sleep soundly with.

What I fear most isn’t slowness—it’s disorder. Slowness can be tolerated, but disorder can bring surprises at any moment. For now, keep the position smaller so emotions are less likely to be led around.