I almost stepped into a trap just now, and the more I think about it, the more afraid I get…



There’s a project that looks pretty lively, with plenty of GitHub stars. They’ve also posted a bunch of audit reports—everything like Trail of Bits and Certik is listed. I originally thought about throwing in a little money to mess around, but then I accidentally went through their upgrade multisig addresses a bit more. Turns out, the owner permission is a 2/3 multisig—but among the three addresses, two are actually different wallets of the same person.

What’s the difference from a single-sig then?

After I came to my senses, I realized that many people only look at whether there is an audit report—“yes” or “no”—but what you really should check is whether the audit scope includes the “upgrade logic,” and whether the multisig signers are truly distributed. The GitHub stars might be high too, but the code hasn’t been updated in half a year; all the commits are just changes to the README.

Big transfers get treated as “smart money,” but it might simply be them switching to a new wallet—don’t add drama for yourself. Anyway, I’d rather scroll through a few more pages of on-chain data now than trust those four words: “audit passed.”
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned