Recently I saw a project that’s planning an upgrade. The multisig address was changed, and the audit report on the GitHub repo has been updated too. In the past, I might have just clicked “Approve” and moved on, but now I look at it a bit more closely—who conducted the audit? Do the timestamps match the code commits? Are the commits in the repo signed? In fact, when a newbie reads “trustworthiness,” they can focus on three things: what the code changed, who signed it, and whether there’s on-chain verification. There was a lot of community debate over that incident involving extreme funding rates, but I still don’t feel comfortable using that as the direction—I'll first check whether there were any abnormal outflows on-chain. Anyway, that’s just a habit I’m sharing; it might not be right.

View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned