Top 10 Checklist for Assessing a New Protocol

Articles
Written By Dylan Lodge-Calvert

When exploring the landscape of blockchain protocols, a systematic approach is essential for informed decision-making. This checklist is critical to our comprehensive risk management strategy, designed to filter out poorly managed and potentially fraudulent projects. By utilising this approach, we prioritise the security and performance of our portfolios in an ecosystem where preventing significant losses is paramount.

STEP 1: Go to Coinmarketcap, Coin Gecko, and Defillama.

  • Check stats including market cap, volume, total value locked, active users, fees generated, and treasury.

  • Check which CEXs and DEXs offer spot and/or derivatives trading, also check their confidence & liquidity score on coinmarketcap.com

  • Check the contract explorer relevant to the protocol (e.g. etherscan.io for Ethereum-based protocols). Transactions, number of holders, market cap, and other information can be found there.

STEP 2:  Check 3rd party audits.

  • Certik, de.fi scanner, hacken, and cyberscope are some websites that offer audits.

STEP 3: Check the protocol’s website (only click on official links, you can find the protocol’s official website through CoinMarketCap to avoid any fake impersonating websites).

  • Run the website URL through a checker like https://www.urlvoid.com/ for known scams and issues.

  • Look for spelling mistakes, broken links, and general website functionality for red flags.

  • Check for an official business registration number and office location if applicable.

  • Fill out the “Contact Us” section.

  • Check the terms and conditions and privacy policies. Make sure the details are relevant to that protocol. Also run the website details, terms and conditions and privacy policies through AI to find any errors and anomalies.

STEP 4: Check the team and community.

  • Is the team listed or are they anonymous?

  • Check LinkedIn profiles if available, do research on the team, and reach out to them. Have there been any changes to the team or have any of the team left?

  • Check their socials (X, Discord, Telegram, etc.) for activity, followers, account age, and engagement.

  • Check for community feedback, reviews, and news articles on Google and other public forums.

STEP 5: Check if there is a whitepaper.

  • Is it professional, in-depth, and well-articulated?

  • Does it clearly outline their tokenomics and a plan for the project?

STEP 6:  Check for centralisation.

  • How much of the supply do the top wallets hold, does it match their tokenomics?

  • Do they have a DAO? Has the project had any proposals or changes made?

  • Check the decentralisation of their validators if applicable.

STEP 7:  Check for code security and developer activity.

  • Track Githhub developer activity and the number of developers.

  • Do they have bug bounty reward programs?

STEP 8: Check what interactions are required, does it require bridging funds to a different chain?

  • If the protocol is on a chain like Arbitrum, do research on the bridge suggested by the protocol and its liquidity. To date, cross-chain bridges have been hacked for more than $2.8 billion—representing almost 40% of the entire value hacked in Web3, according to DefiLlama.

  • Use a bridge suggested or offered by Arbitrum themselves, try a test amount first, set slippage settings, and don’t bridge large amounts at once.

STEP 9: Check wallet settings.

  • Confirm multiple signatures are required on your wallet where applicable.

  • Check the slippage allowance, and set it to approximately 0.5% so a transaction will not occur further than 0.5% away from the current price.

  • Check if the wallet has built-in settings to detect scams and turn those on.

  • Check what custodians support the project, institutional custodians like Fireblocks, Kraken Custody, and Coinbase Prime provide some conviction.

STEP 10: Connect a canary wallet for testing.

  • Double-check the contract address that is trying to connect with the wallet.

  • Let the designated signers know about the test transaction and to only accept transactions that you have initiated.

  • Double-check the pending transaction approval screen in the wallet. Ensure that the values, source, and destination are correct and as intended.

  • Access the protocol through the canary wallet until confident the protocol is safe to connect with the main wallet.

Conclusion

The recent $1.4B hack on a Bybit wallet has accentuated the critical importance of risk management in cryptocurrency portfolios. At JellyC, protecting funds from downside risks is a top priority, especially given the nature of decentralised digital assets. This checklist to assess new protocols in the digital asset space is one part of our comprehensive risk management strategy. This approach helps filter out poorly managed and potentially fraudulent projects, ensuring the security and performance of our portfolios in an ecosystem where preventing significant losses is paramount. 

Sources

https://www.bvnk.com/blog/cryptocurrency-payment-scams-how-to-stay-safe

https://skynet.certik.com/projects/arbitrum

https://defillama.com/chain/Arbitrum

https://coinmarketcap.com/currencies/arbitrum/

https://tokenterminal.com/explorer/projects/arbitrum/metrics/all

https://bubblemaps.io/case-studies/

https://www.fireblocks.com/platforms/security/

https://chain.link/education-hub/cross-chain-bridge-vulnerabilities

Disclaimer

This article ("Article") has been prepared for informational purposes only and does not constitute an offer to sell or a solicitation of an offer to purchase any financial product or service. This Article does not form part of any offer document issued by JellyC Pty Ltd (CAR Number 001293184), a corporate authorised representative of TAF Capital Pty Ltd (ACN 159 557 598, AFSL 425925). Past performance is not necessarily indicative of future results, and no person guarantees the performance of any financial product or service mentioned in this Article, nor the amount or timing of any return from it.

This material has been prepared for wholesale clients, as defined under Sections 761G and 761GA of the Corporations Act 2001 (Cth), and must not be construed as financial advice. Neither this Article nor any offer document issued by JellyC Pty Ltd or TAF Capital Pty Ltd takes into account your investment objectives, financial situation, or specific needs.

The information contained in this Article may not be reproduced, distributed, or disclosed, in whole or in part, without prior written consent from JellyC Pty Ltd. This Article has been prepared by JellyC Pty Ltd, which, along with its related parties, employees, and directors, makes no representation or warranty as to the accuracy or reliability of the information provided and accepts no liability for any reliance placed on it. Prospective investors should obtain and review the relevant offer documents before making any investment decision.

Dylan Lodge-Calvert
Previous

Top 10 Crypto Risks Every Investor Must Know (With Proven Solutions)
Next

JellyC: A Contributor to Community and Ocean Conservation