When I’m judging whether a project is reliable, I don’t check the K-line first. I check GitHub, the audit reports, and then how the upgrade multi-signature holds the keys. A beginner-friendly version: GitHub doesn’t need to be the liveliest—what matters is what they changed, who’s reviewing it, and whether anyone will take responsibility if something goes wrong. Also, don’t just look at “passed” in the audit report; find out whether any high-risk issues remain unaddressed, and whether the fixes are just being postponed with “we’ll do it later.” Upgrading the multi-signature is even more critical. Plainly put, it’s about who can change the rules with one click—how many people have to sign, whether the setup is distributed, and whether there’s a delay. It feels like looking at “backup”: it’s not safe just because you have one backup. You need multiple backups, stored separately, and the ability to recover when it really matters, but without messing around during normal times.

Recently, there’s been a heated argument about NFT royalties, but I care even more about this: when the protocol is upgraded, will they change things in a way that wipes out the creator’s revenue logic? Secondary liquidity matters, of course, but who decides whether the rules are hardcoded or left flexible—still comes back to the multi-signature and the governance terms. Anyway, the moment I see the words “upgradable,” I instinctively start looking for where that key is.