How to avoid DeFi projects that are at risk of a rug pull: 5 ways to identify them
“Will this project run away with the funds?”
If you are a DeFi investor, this is probably the question that worries you most.
This can happen in a variety of ways. For example, the developer provides the initial liquidity, raises the price, and then withdraws the liquidity before investors can exit. Another common method is to build a website and then shut it down after attracting hundreds of thousands in funds…
According to Ciphertrace, in the second half of 2020, nearly 99% of DeFi projects experienced such phenomena.
Examples of DeFi rug pulls in 2020 include:
- Emerald Mine
In this article, we look at DeFi projects from several angles to help you spot and avoid potential rug-pull risks.
Unverified contract code
Smart contract source code is usually published and verified so that anyone can read what the code does and audit it for suspicious functions.
Deploying unverified code on the blockchain means that no one can read the source to see what the code does. Malicious actors can execute malicious code at any time and transfer funds locked in the smart contract to other addresses without your permission.
Examples of unverified contracts
Projects developed and released in a hurry
Most legitimate projects take months to plan, promote, and launch. If there is evidence that a project was developed and launched in a hurry, you should be on alert immediately.
For example, many Uniswap-style projects simply fork the Uniswap code base and make quick changes to the front-end interface, leaving a lot of unfinished work. These are signs of a potential rug pull.
For example, in the case of Wineswap, which defrauded users of $344,000, the developer did not bother to change the token name in the contract and simply kept the name Sushiswap.
As another example, many forked projects do not offer any unique advantages or functions. Instead, they make simple UI adjustments to a well-known project and rebrand themselves as a legitimate project.
WaveSwap — a front end similar to Pancakeswap
Fake social media activity
Social media activity can be faked by bots and automated software. These bots can like, repost, comment on and share posts on a large scale while participating in airdrop campaigns.
If an account has little content other than likes or reposts of promotional posts, it is almost certainly a bot account.
Examples of possible bot accounts
Therefore, when investing in a DeFi project, be sure to check its social media accounts (Twitter, Telegram, Discord) for bot activity. Is the user a real person or a bot pretending to be a user?
Not audited, or audited by an unknown auditor
Since a DeFi protocol is interconnected with other parts of DeFi and may hold millions or billions of dollars in customer funds, audits play a key role in providing a second opinion on the quality of its smart contracts.
However, auditing is not foolproof, and many protocols have been hacked even after being audited by reputable companies.
The first layer of security is to have reputable auditors audit the smart contracts. Auditors that we believe to be reputable include PeckShield, Trail of Bits, Quantstamp, and Slowmist.
The auditor reviews the project's code base and reports issues that may need to be fixed, classified by severity. At the end of the audit, the audit report can be made public.
Audit example to check code
Auditors with a poor reputation may pose significant risks to user funds, because the quality of their audits may suffer or they may lack extensive experience in auditing complex smart contracts. Some good projects even hire multiple auditors to audit the smart contract code to establish the level of trust in the protocol.
Using a third-party review platform like DeFi Safety can also help alleviate concerns about factors such as code quality, team, testing procedures, security procedures, and access control.
No time lock or multi-signature mechanism
Smart contracts can usually be upgraded, or have functions that can be called only by an administrator, which is usually the address that deployed the contract.
These functions include creating a new liquidity pool or, in the case of an AMM, changing protocol parameters such as withdrawal fees.
A time lock is usually a piece of code that holds changes to the smart contract for a fixed period before they take effect. In essence, it locks a change until a predefined amount of time has passed.
For example, if the contract has a 48-hour time lock, any change to the smart contract must be queued and can only be executed after 48 hours.
The time lock gives users enough time to react to changes in the smart contract. If they object to a particular change, they can withdraw their funds from the protocol before the change is implemented.
Pancakeswap uses a 6-hour time lock to give users time to react to protocol changes.
If there is no time lock, smart contract administrators can submit a malicious transaction and immediately destroy the entire protocol.
Some projects use multiple signatures instead of time locks to perform protocol changes. With multi-signature, a transaction needs several signatures before it can be executed, and it may be set up so that a majority of signers must authorize it before it is sent to the chain.
Many protocols use multiple signatures to control parameters. For example, Curve is the co-signer of yEarn Finance’s multi-signature governance, and it manages the minting of new YFI tokens.
If a project has neither of these, be extra careful, because the developer has full control of your deposits and can withdraw or transfer them at will.
New projects can embezzle your funds in many ways. If something seems too good to be true, or your instincts tell you it is suspicious, avoid it. There is no reason to risk losing all your funds in order to earn a few more dollars.
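A simplified Python model of the time lock and multi-signature checks described above, added here as an illustration. It is not code from any of the projects named; the signer names, the 2-of-3 threshold and the change description are assumptions.

```python
# Simplified model (assumed names and parameters): queue, wait, then M-of-N sign-off.
from dataclasses import dataclass, field

HOUR = 3600
@dataclass
class TimelockedAdmin:
    signers: frozenset
    threshold: int
    delay: int
    queue: dict = field(default_factory=dict)

    def _check(self, signer):
        if signer not in self.signers:
            raise PermissionError("not an authorised signer")

    def propose(self, change, signer, now):
        self._check(signer)
        # The proposer counts as the first approval; eta = earliest execution time.
        self.queue[change] = {"eta": now + self.delay, "approvals": {signer}}
        return now + self.delay

    def approve(self, change, signer):
        self._check(signer)
        self.queue[change]["approvals"].add(signer)

    def execute(self, change, now):
        entry = self.queue.get(change)
        if entry is None:
            raise PermissionError("change was never queued")
        if len(entry["approvals"]) < self.threshold:
            raise PermissionError("not enough signatures")
        if now < entry["eta"]:
            raise PermissionError("time lock has not expired")
        del self.queue[change]
        return "executed"

def demo():
    """One change through a 48-hour, 2-of-3 setup; returns each outcome."""
    admin = TimelockedAdmin(frozenset({"alice", "bob", "carol"}), 2, 48 * HOUR)
    change = "raise withdrawal fee"
    eta = admin.propose(change, "alice", now=0)
    def attempt(now):
        try:
            return admin.execute(change, now)
        except PermissionError as err:
            return str(err)
    first = attempt(eta)          # only one signature so far
    admin.approve(change, "bob")  # second signer approves
    return [first, attempt(eta - 1), attempt(eta)]
```

The window between `propose` and the earliest `execute` is what gives depositors time to see a queued change and withdraw before it takes effect.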
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/how-to-avoid-participating-in-defi-projects-that-have-the-risk-of-running-off-the-road-5-ways-to-teach-you-identification/