With Crypto, for every strong project there may be a scam or rug pull waiting to happen.
Here is a guide on how to spot red flags for new projects and help protect yourself from bad actors.
🧵
Here is a guide on how to spot red flags for new projects and help protect yourself from bad actors.
🧵
1/ This thread will go over
- TokenSniffer
- Etherscan
- Github
- Twitter
- TokenSniffer
- Etherscan
- Github
2/ @Token_Sniffer
If you are going full degen into new small caps, one tool you should look into is Token Sniffer. With Token Sniffer, you can paste in any contract address and it will analyze the address to see if there are any potential red flags with the address.
If you are going full degen into new small caps, one tool you should look into is Token Sniffer. With Token Sniffer, you can paste in any contract address and it will analyze the address to see if there are any potential red flags with the address.
3/ One useful place I like to look at is Similar Contracts, which shows you if a project is a potential fork of another project.
4/ Etherscan
Another way you can spot red flags is through the contract itself through Etherscan or default blockchain explorers for other chains.
Another way you can spot red flags is through the contract itself through Etherscan or default blockchain explorers for other chains.
5/ To get started, search up the token contract and go to the contract tab.
Here, you will be able to see the fully deployed contract and be able to start looking for red flags.
Here, you will be able to see the fully deployed contract and be able to start looking for red flags.
6/ Here is a list of things to look out for
- Verified Contracts
- Proxy Contracts
- Upgradable Contracts
- Migrator Function without Timelocks
- Verified Contracts
- Proxy Contracts
- Upgradable Contracts
- Migrator Function without Timelocks
7/ Verified Contracts
The first thing you should do is note if the contract code is verified or not.
The contract will be verified if there is a green check mark under contracts listed below.
The first thing you should do is note if the contract code is verified or not.
The contract will be verified if there is a green check mark under contracts listed below.
8/ Proxy Contracts
The next step is to go into the contract and look to see if there is a proxy involved.
You can see if there is a proxy contract involved by looking at the Read and Write permissions listed in the image below.
The next step is to go into the contract and look to see if there is a proxy involved.
You can see if there is a proxy contract involved by looking at the Read and Write permissions listed in the image below.
9/ Also, if Etherscan identifies a proxy contract you can also click on “More Options” and see the “Is this a proxy?” button listed.
Click on that and it will take you to the Proxy Verification page where you can look up the contract.
Click on that and it will take you to the Proxy Verification page where you can look up the contract.
10/ Upgradable Proxy
The other thing you can look out for is whether the smart contract can be modified after development.
To avoid this, you can go to the “Search Source Code” function, type in “upgradable” and press enter to see if there are any “upgradable/proxy” entries.
The other thing you can look out for is whether the smart contract can be modified after development.
To avoid this, you can go to the “Search Source Code” function, type in “upgradable” and press enter to see if there are any “upgradable/proxy” entries.
11/ Migrator Function without Timelocks
Having a Migrator Function without a Timelock allows the owner to drain funds at any time immediately.
To see if this is a potential rug first type in "Migrator" in the search button and see if you find any migrator functions.
Having a Migrator Function without a Timelock allows the owner to drain funds at any time immediately.
To see if this is a potential rug first type in "Migrator" in the search button and see if you find any migrator functions.
12/ If you do, the next step is to search "timelock" or "timestamp."
If you can't find any instances of these two functions, you should treat this contract with high caution since it could potentially rug at any time.
If you can't find any instances of these two functions, you should treat this contract with high caution since it could potentially rug at any time.
13/ I have learned about these red flags from @OnChainWizard so highly recommend you follow and read through their whole article here.
@OnChainWizard 14/ This is just the tip of the iceberg in terms of potential rugs or exploits but knowing this alongside other methods can help you spot low effort rugs and identify more potential red flags in the future.
Here is a thread from @CJCJCJCJ_ that shows this in action.
Here is a thread from @CJCJCJCJ_ that shows this in action.
15/ Github
Personally, the most upstanding projects I see in the space are developed out in the open.
If a project is not sharing their code in public, it doesn’t mean the project is bad, but you should do extra due diligence.
Personally, the most upstanding projects I see in the space are developed out in the open.
If a project is not sharing their code in public, it doesn’t mean the project is bad, but you should do extra due diligence.
16/ Nobody can verify code that isn’t public, and it certainly isn’t the standard.
For Public Repos, Github is a great tool to follow development online to see if there are actually devs working on the project.
For Public Repos, Github is a great tool to follow development online to see if there are actually devs working on the project.
17/ You can see an overview of code development through the Insights tag under any repo. Here is a guide I have made to get you started.
18/ Twitter
One potential red flag I have seen on Twitter recently is a new project coming out of nowhere with strong followers and exposure.
One potential red flag I have seen on Twitter recently is a new project coming out of nowhere with strong followers and exposure.
19/ While this isn’t always the case, there is a chance that the new project may have botted followers or purchased another account while swapping out the handle.
20/ If you suspect this to be the case, you can search up Twitter profiles using @BotSentinel, a website that allows you to analyze Twitter profiles and see its name change history at the bottom if there is a history.
There are many more ways to help you spot red flags in the future, but this should be a good first step if you are getting started.
Loading suggestions...