
How to defend against scams in DeFi

There’s no denying that 2020 has been a particularly fruitful year when it comes to decentralized finance. However, DeFi has shown two faces: successful projects on the one hand, and scams on the other.

The decentralized finance (DeFi) sector has seen growth this year in both the number of new projects and the total value locked (TVL) in the various protocols, which have surpassed $1 billion within a few months, and are still growing.

However, this industry has also attracted unscrupulous people who have taken advantage of the hype to create projects with incredible promises or unique features and then pull off exit scams. It is a pattern that some of us had already seen back in the days of ICOs (Initial Coin Offerings).

Among the new DeFi projects that appear out of nowhere, there are in fact real scams, since in many cases there isn’t even a whitepaper.

How to recognize DeFi scams

To address this problem, we will focus on a few key points that help determine whether a project is good or not and what to check before interacting with it.

As mentioned, there are many projects in this area, but if we analyze them more closely, we will see that most are copies of other more famous ones, such as the various DEXs that offer the possibility to trade tokens.

So, as a first step, we should ask ourselves whether the project already exists in another form. If it does, it is often not worth the investment, or at least it takes deeper research to understand whether there are other weaknesses.

Would you prefer to trade your tokens on ScamSwap or Uniswap?

After checking whether or not the project is different from others, we move on to verifying whether the source code is available and open to everyone, so we can review it thoroughly. Simply having a page on GitHub is not the same thing as the code published there corresponding to the smart contract code.

It’s enough to make a simple comparison between the code found on GitHub and the smart contract code to understand if there are differences, where and why: while it’s true that most people wouldn’t be able to read the various functions, it’s certainly easier to check if there are variations, line by line, also because often there aren’t many lines of code to check.
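The comparison described above can be done mechanically. The following is an added example, not code from the original article: it strips comments and whitespace from both copies and reports only the code lines that differ. The two Solidity snippets and all names (`normalize`, `compare_sources`, `REPO_SRC`, `DEPLOYED_SRC`) are constructed for illustration.

```python
import difflib
import re

# Matches string literals (kept) or // and /* */ comments (dropped).
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|//[^\n]*|/\*.*?\*/', re.S)

def normalize(source):
    """Strip comments and whitespace noise so only code changes show up."""
    def keep_strings(m):
        return m.group(0) if m.group(0)[0] in "\"'" else " "
    stripped = _TOKEN.sub(keep_strings, source)
    lines = (" ".join(line.split()) for line in stripped.splitlines())
    return [line for line in lines if line]

def compare_sources(repo_src, deployed_src):
    """Return (tag, repo_lines, deployed_lines) for every differing region."""
    a, b = normalize(repo_src), normalize(deployed_src)
    matcher = difflib.SequenceMatcher(None, a, b, autojunk=False)
    return [(tag, a[i1:i2], b[j1:j2])
            for tag, i1, i2, j1, j2 in matcher.get_opcodes() if tag != "equal"]

# Constructed sample: the copy of a token contract published on GitHub.
REPO_SRC = '''
contract Token {
    mapping(address => uint256) public balanceOf;
    string public url = "https://example.org"; // project site
    function transfer(address to, uint256 amount) public {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }
}
'''

# Constructed sample: the verified source shown by a block explorer.
DEPLOYED_SRC = '''
contract Token {
    mapping(address => uint256) public balanceOf;
    string public url = "https://example.org";
    address owner = msg.sender;
    function transfer(address to, uint256 amount) public {
        require(msg.sender == owner);   /* not in the repository */
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }
}
'''

if __name__ == "__main__":
    for tag, repo_lines, deployed_lines in compare_sources(REPO_SRC, DEPLOYED_SRC):
        print(tag, "| repo:", repo_lines, "| deployed:", deployed_lines)
```

An empty result means the two copies contain the same code; any reported line is a place where the deployed contract departs from the published one and deserves a closer look.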

Add to this the updates and interactions on the project page on GitHub: the platform lets you check not only who created the project, but also its activity, so you can see how long it has been active and how recently it was updated. A higher frequency of activity often corresponds to higher reliability of the team working on it, and suggests that the team has not abandoned the project after creating it.

Code audit

If the code is open to everyone, the next step is to check whether it has been verified by a dedicated auditing company, in other words, whether there has been an audit certifying that the code does not have any known flaws or problems that could harm the end user (for example, a badly written line of code that prevents the transfer of the token or that allows the funds to be drained from the smart contract).

Be careful though: even if a project has passed one or more audits, this does not mean that it is risk-free, but it does mean that the risk is mitigated for all those features and problems already found. 

If, on the other hand, a way is found to breach the smart contract that was previously unknown, then there is no audit that can protect users’ funds.

Usually, the audit information can be found at the bottom of the project page, but also on the various GitHub pages of the project itself, since it is a source of reliability for the project to have passed an audit: these are very expensive “certifications” that scam projects usually don’t have.

A DeFi project team

It may seem trivial or even obvious, but few people take the trouble to check who is actually behind a project, especially if it is new. Having someone to interact with makes it possible to better understand the people involved and what they did or developed before that particular project.

Let’s not forget that on the blockchain anyone can create a smart contract, write a post on social media to launch the project and then wait for someone to notice and use it.

Social media accounts where you can identify the various promoters also help to better understand the scope of the project.

For example, a criminal might use Tornado Cash to send funds, create a smart contract, and launch his evil project. In that case, few would check the transaction history and notice the anonymous transaction.

Token distribution

If the project also has a dedicated token, an additional check concerns the tokens and their distribution. Anyone can create a token, and everyone is free to distribute it as they see fit, but if all the tokens are free and unlocked, the team itself might liquidate them all and make the value of the token plummet, leaving its holders with a worthless and useless token.

So, as far as the token is concerned, it is necessary to consider the total supply of the token, its distribution, and whether there are any funds locked for a certain period of time, which the team cannot sell and liquidate.

In fact, if the team has part of the supply but this is locked up for X years, then it is very likely that the project is solid and with a long-term vision.

These are just a few of the points worth keeping in mind when looking at a new project. They certainly do not cover everything, but at least they give an overview of the most important things to check when approaching something new.


Alfredo de Candia
Android developer for over 8 years with a dozen developed apps, Alfredo climbed Mount Fuji at age 21, following the saying: "He who climbs Mount Fuji once in his life is a wise man, who climbs him twice is a Crazy". Among his apps we find a Japanese database, a spam and virus database, the most complete database on Anime and Manga series birthdays and a shitcoin database. A Sunday miner, Alfredo has a passion for crypto and is a fan of EOS.