I just finished reading an audit report… honestly, the more I read, the more I feel that “credibility” is like reading a contractor’s renovation quote. You can’t just look at what they wrote—you have to look at what they didn’t write. For example, did they mention a time-lock period for upgrade multi-signature authority, or whether, in the GitHub commit history, a bunch of “urgent fix” commits suddenly appeared.



If you’re a beginner and want to understand it, my approach is: first check whether the contract has a time lock, then see whether the multi-sig address is a “cold signature” or a “rotating signature” setup—basically, whether the money and the people are separated. Then go to GitHub and browse their issues from the past few months to see whether anything got called out and attacked due to a specific vulnerability. It’s like looking at a restaurant’s hygiene rating: just checking the final score isn’t enough—you also need to see whether there have been complaints.

Lately I keep seeing people complain about the MEV portion in miners’ income. Some people think that if the orderer isn’t transparent, it’s “backroom operations.” But it’s actually easy to understand. It’s like you’re lining up to buy milk tea, and then someone gets to cut the line using connections and also has to pay extra—dressed up as a “priority service fee.” For retail users, this definitely doesn’t feel great. But in any case, my principle is: if you don’t understand a protocol, set it aside for now—don’t rush in.
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned