A Step-by-Step Guide For Researching DeFi Projects. No Programming Knowledge Needed!
DeFi is one of the hottest things happening in Crypto right now.
However, due to the lack of industry standards and regulation, and the in-built anonymity, there are lots of unreliable projects. According to blockchain analytics firm Elliptic, DeFi exploits have caused a total loss of $12 billion in 2021, of which $10.5 billion were lost due to fraud and theft.
In this article, I will provide you with a detailed guide on how to research and analyze DeFi projects and how to spot DeFi scams and rug pulls.
So you don’t end up like poor Wojak.
Disclaimer: the content of this article is only for educational purposes and should not be treated as financial advice. The projects used as examples in this article are randomly picked and I do not invest in any project mentioned in this article.
Before we get down to the main thing, let’s take a quick look at the most common DeFi rug pulls.
- DeFi Pump-and-Dump: the scammers create a token and hold a large amount of it in their own wallets. They then generate a lot of hype, such as making false promises and statements to make investors believe the token will have a revolutionary use case. As a result, investors start to buy, the price increases dramatically, which leads to people FOMOing (fear of missing out). Once the price has reached a certain level, the scammers dump their holdings (thus the name DeFi pump and dump) and disappear, causing the price to drop within a very short time period. There is no liquidity for investors to cash out and thus they end up with worthless tokens.
- DeFi Honeypot: the scammers lure investors to use a valuable coin (such as Bitcoin or Ether) to buy a token they have minted on DEX. However, the code prevents investors from selling the token. When the price has reached the desired price, the developers pull the valuable coin away from the DEX and disappear. A recent example of a DeFi honeypot scam is Squid Game Token. The scammers walked away with about $3.4 million worth of funds.
- Backdoor in the smart contract code: scammers write a smart contract code with a backdoor. This allows them to drain the funds locked in the smart contract when it is deployed.
12 Steps To Analyse DeFi Projects And Spot DeFi Scams
Alright, let’s get down to business. Here are 12 points you should research before you invest in a DeFi platform.
I have also covered the first 3 points in my big guide on how to properly research cryptocurrencies (which I highly
If you have already read that article, you can scroll down straight to point 4. This is where this guide’s DeFi-specific part begins.
1. Research When The DeFi Project Was Founded
When the project was founded is important. You wouldn’t trust a coin that appeared overnight very much, would you? A solid project normally takes a long time to develop.
A good starting point is to take a look at their road map. Some sort of project timeline should be available in the whitepaper or official website. It will give you an idea about what the team has achieved so far and what the next steps are.
Tip: Never trust a project with no official website and where the team only uses social media such as Reddit and Telegram to spread information.
No matter where you look, there is no information available about when the project was founded? You can still find out by analyzing their smart contract. I’ll show you how to do it as you read on.
2. Analyze The Team Behind A DeFi Project
This is a golden rule when it comes to analyzing DeFi projects and Crypto platforms in general: see who the people behind a project are.
It is always a big plus if you can find out information about the team. However, now many DeFi project teams prefer to stay anonymous. If the team does not want to reveal themselves, it does not mean that the project is not legit.
After all, the prime example of an anonymous creator is Satoshi Nakamoto himself.
To give another example, the team behind PancakeSwap, one of the biggest DeFi platforms, decided not to reveal themselves. Still, PancakeSwap is a legit project.
However, as an investor, you should understand that there is a risk when you don’t know anything about the team. For me, it always increases the likelihood that I am dealing with a scam. And if this turns out to be true then there’s not much stopping the developers from suddenly taking all the money and disappearing.
3. Check Out The Project’s Social Media Channels
A Crypto project’s social media channels such as Twitter, Telegram, Discord, Reddit, and Youtube are valuable sources to gather more information.
But.
Just having a presence on social media doesn’t automatically mean that a DeFi project is reliable. Try to dig deeper. Check out when their account was registered. Also, take a closer look at what content they publish. Do they share their progress on the project? Does the team offer insights such as explanatory videos that show how you can use their product? I also like to check out interviews with the founders and developers.
Tip: if a team does a lot of shilling of their token and talks a lot about price increases, then I would consider this as a warning sign.
One big advantage of social media is that they give you easy access to the people behind a DeFi project. Reach out to them. Ask questions from a fundamental and technical perspective. For example, what are their plans regarding a security audit? How do they make sure their code is free of bugs? Can they prove that they have locked their liquidity and for how long?
If they try to avoid answering those questions, or you get banned, muted, even kicked out, then it is probably a scam.
4. How High Is The Yield?
While the above 3 points where covering general advice when it comes to analyzing Crypto projects, it’s all about DeFi from here on.
Take a look at a DeFi project’s yield next. Investors are attracted to high yields because they want to maximize their returns. But if the yield is too high then you should ask some questions before you put your funds in.
For example, WhaleFarm promised investors 7,217,848% APY. In other words, by just investing $1 you would earn more than $72,000 in a year.
That’s insane. But still, many fell for it and WhaleFarm scammed investors for $2.3 million.
5. Analyse The Project’s Smart Contract Information On Etherscan
You should be able to find the project’s smart contract on the block explorer of the blockchain it is built on. For example, the smart contract of an ERC20 token or decentralized exchange based on Ethereum can be found on https://etherscan.io/. Another example, if the project is built on Avalanche, then you should go to https://avascan.info/ to check if it really exists.
Here’s a step-by-step description of how you check the smart contract code of an ERC20 token on etherscan:
A) Enter the token’s name in the search field of etherscan.io, then select the token from the suggestions.
B) Cross-check smart contract data with information in the project’s whitepaper/website. Maximum token supply and contract address should match what is said on the project’s Whitepaper or official website.
C) Check the details of the smart contract. Click on the smart contract address, then you will reach the following page, click on the transaction hash.
D) Check the timestamp which shows when the smart contract was created.
6. What Does The Token’s Distribution Look Like?
As a rule of thumb, a DeFi token or coin should not be in the hands of only a few wallets.
This can be checked on the blockchain platform where the token was launched. If a significantly large amount of the token is held in the top 5–10 wallets, that is not a good sign. It could mean that the developers have minted a lot of tokens and kept them in their own wallets, or they bought the token at a very cheap price at the very beginning.
Even if those wallets do not belong to the developers behind the project, it still indicates that there are whales who have the power to crash the price when they sell a significant amount of their token at once.
Here is how you analyze a token’s distribution on etherscan, using Shiba Inu as an example:
A) Go to “Holders”.
B) “Percentage” shows how much of a token is held by individual wallets. The quantity in the first wallet “Black Hole” indicates how many tokens are “burned”. The third one with the little gray sign in the front indicates that it is a contract address.
7. How Many Tokens Have Been Burnt?
Many projects initially create a large number of tokens which they then reduce by “burning” a certain percentage. This is done by sending the tokens to an address from which they cannot be retrieved.
Take another look at the image above. The “percentage” column shows how many percent of the total minted token each listed address is holding. For example, the 2nd largest holder “Binance 8” holds almost 4.4% of the total supply that has been minted. But as we can see, about 41% of the tokens are in the “blackhole” which can never be retrieved. So actually “Binance 8” is holding 43,840,556,082,612/(999,992,076,588,809–410,255,390,868,654) = 7.4% of the token in circulation.
Why is this important?
You should do such calculation for the token you want to invest in, because sometimes, after excluding “burned” tokens, some wallets could hold more than 10% of the total circulation. And as described above, that’s a big red flag.
8. How Much Liquidity Is There?
Liquidity refers to all the tokens and coins that are stored in the smart contract of a pool that can be traded against by traders. If the liquidity in the pool is very low, then it means there is likely not enough volume to trade and the price of the token will be volatile. The more money there is in a liquidity pool, the stabler the price is.
You can check several indicators to determine how liquid the asset in a pool is:
- Total value locked (TVL) of a pool: all the tokens and coins deposited in the project’s smart contract are calculated in USD. TVL fluctuates when the asset prices change. The higher the TVL, the better.
- The trading volume of a pool: this measures the trading activities in the pool. Higher volume indicates more trading is going on, thus it is also a good sign.
9. Is Liquidity Locked And For How Long Is It Locked?
Liquidity needs to be locked so that the token/coin in the pool cannot be moved for a certain period of time. Here is what you should look out for:
- How are tokens and coins locked in the liquidity pool? Does it rely on a trusted third party or is it all settled by a smart contract?
- Is the liquidity locked for a few weeks or several years? Bear in mind that even if the liquidity is locked, there is still a possibility that the price of the token can be manipulated. The longer the developers lock their liquidity, the better.
- If you are not sure about these things, contact the developers of the project for proof.
10. Does The DeFi Project Use A Multi-Signature Wallet?
That means that it is unlikely that one person could use a single private key to withdraw all the funds.
However, there is no way for investors to check if a multi-signature wallet is used. You will have to believe what the team says and that of course means that they could be lying.
11. Third-Party Security Audit Reports Are Important.
A project’s code could contain functions that allow the developer to steal the users’ funds. It could also have bugs that the developers are not aware of, which give a hacker the opportunity to do malicious things.
That’s why it is always good if a reputable third party does audits for a DeFi project.
For ongoing or very big projects, it is important to go through several security checks. However, as an investor, it is important to read what is inside the security reports published by a project before you put your hard-earned money into buying the token.
There’s more.
Whenever you find a security audit on a project’s website, google and find out the website of the company which they claimed has done the security audit. Cross-check on the auditor’s site if the project’s report is really listed there.
Why is this important?
Because unfortunately there are projects that are faking security reports. So if the report can only be found on the project’s website but not the security company’s website, then it means the project has probably faked the report.
Unfortunately, even when legit audits have been undertaken by a 3rd party, it doesn’t mean that everything is going to be alright. That’s because we do not know if the developers will resolve the issues flagged up by the auditor. A recent example is Compounder Finance, a project that still deployed its code even though it was flagged by a security audit firm.
Below are some websites where you can check DeFi security risks:
https://www.certik.org/ Certik has done security checks for many projects. You can find very detailed security reports as PDF for each project they have inspected.
https://rugdoc.io/ RugDoc lists risk levels of DeFi projects on a number of networks such as Polygon, Avalanche, BSC, Fantom, etc.
https://tokensniffer.com/ TokenSniff scans token contracts for scams. Many tokens are audited automatically. You can also report scam tokens on their website.
https://bscheck.eu/ This website allows you to check if tokens on BSC and Ethereum could be a scam by entering the smart contract address. However, they do not offer a 100% guarantee on their results.
12. Run A Test Before You Put All Your Funds In A DeFi Project
I think this is quite self-explanatory. Don’t go all-in right away. Put $1 into a token or coin and see if you can sell and withdraw. If it works well, then try the same with a slightly bigger amount, say $10. If it works fine, then you can put in more of your funds.
Final Words
While DeFi offers a lot of new opportunities for investors, it also comes with certain risks. If you invest your money into a fraud then in most cases the money will be gone and there is nothing you can do about it.
So, while some DeFi platforms might offer very attractive investment returns, always take time to do your own research and never invest more than you can afford to lose, no matter how solid the project looks.