I just finished reading the code of a project that claims it was audited by three firms. Its GitHub has more than 2,000 stars, and all the commits were made within the past two weeks. Honestly, when I look at a project’s “credibility,” my first reaction isn’t to check how many pages its audit report has—I first want to figure out who’s actually managing the upgrade multisig. Are the signers real people or bot wallets? How often do they move funds? And did the signer get changed right before sell pressure kicked in?



I don’t really trust the GitHub star count on that white-background, black-text page. Instead, the interaction in the issues section and the speed at which PRs get merged are more useful indicators. As for the audit report, I look to see whether the scope states that it’s only covering business logic, and whether those common pitfalls—like gas optimization and reentrancy—are directly marked with something like “the project team bears the risks.” Reports like that are basically tantamount to running around in the nude.

Recently, the macro conversation has been focusing on rate cuts again. Risk assets move up and down in sync with the U.S. dollar index like conjoined babies. I’m actually more concerned about whether the on-chain gas structure has any abnormal jumps. If the chain suddenly gets congested and the upgrade multisig starts working all of a sudden, it feels like a smoke alarm going off while nobody moves in the hallway.

Save the screenshots, but don’t just save them—make sure you actually look.
USIDX0.05%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned