I intentionally did not want to mention just one blockchain (see source below) cause this article is universal and applies to all blockchains and it's extremely valuable to all of us involved in crypto.

Your favorite blockchain is typically an open, permissionless blockchain. So there is no central company, or other body, exerting ownership and, with it, responsibility. Anyone can build on this platform and engage the community. This is one of its superpowers. Yet because anyone can build DApps, users need to be judicious. As the saying goes, ‘Do your own research’.

Researching means more than scrolling through search results or watching your favorite YouTuber talk about moonshots or chart patterns. By doing your own due diligence and taking your signal from the right community voices (amid the noise), you can give yourself the best chance of navigating the emergent landscape successfully. And with it, play your part in helping grow a safe, secure, and healthy ecosystem.

However, decentralization doesn’t mean we should accept a ‘wild west’ environment. Even with the noblest intentions, some DApps will include design flaws, have bugs, or be poorly supported by inexperienced devs. These issues could leave low-quality DApps more open to being hacked. There will even be DApps that are outright scams or rug pulls. Sadly this is inevitable at some point. And of course, the detractors will seize on these issues and seek to amplify them to damage the community.

It is the responsibility of each DApp developer to ensure that their application produces the correct results. Meanwhile, every responsible member of the community should do their own research and help educate others. In the end, it is up to individual users to protect themselves from bad actors. So be curious, even skeptical. Ask questions. Accept nothing at face value. Equally, be cautious in calling out scams - with so much FUD about, you should not add to the noise without due deliberation. And many of us will remember this cautionary tale from our childhoods…

A fact checklist

Who are the developers?

Developers proud of their product will be easy to contact and responsive to questions. There should be a project website. Anonymity or pseudonymity is relatively common in crypto, but it is important to know the developer can be traced if money is involved. It is much easier for anonymous developers to disappear with your funds. Even if fully doxxed, is this the developer’s first project? Devs or code shops with a reputation have more to lose, while inexperienced developers are more likely to make mistakes or take shortcuts, especially if there is a rush to launch.

What is the project’s vision?

Do your best to ensure that the project’s values and actions align with your values. Look at decentralization, idealism, passion, and purpose.

FOMO is your enemy

If it’s a great application now, it will be a great application next week and next month. If the developer plays on your fear of missing out, that is a big red flag. Due diligence takes time. Be diligent.

Is it really, really good?

The old saying applies. If it’s too good to be true, it probably is. If the project offers higher than normal staking rewards, you need to be hyper-vigilant and very thorough in your investigation.

Celebrity endorsements

Endorsements can be bought, and they are often an essential ingredient of a pump and dump or rug pull. By design, retail investors first discover a dump or rug pull when their basket of tokens is suddenly worthless. Don’t put your trust in YouTubers, but take note of YouTubers you trust.

Is the product open source?

Not all trustworthy DApps need to be open source. However, if the product claims to be open source, you should check the claim. For example, the GitHub repository should be accessible and active. The names of people on GitHub should match at least some of the people on the project website.

Project documentation

There may be a white paper, lite paper, or other design documentation.

Perform a thorough fact check: check sources, investigate authors, ensure content is authentic and not plagiarized. Evidence of poor proofreading, missing content, or broken links in references should all raise concerns. If the white paper is on a ‘pay to publish’ site, you should take that into consideration.

Token distribution

If the project has an associated token, use a chain analysis tool to check for a concentration of token ownership. For example, it would raise concern if most of the project's tokens were allocated to a handful of wallets.

Is it a new project, or is it ported from another chain?

Check its reputation in its past life, if it had one. It still takes good developers to take full advantage of the platform.

If it is a new project, how new is it? Do the participants have any history in the crypto space?

Is the developer engaged on social media?

Look for an active community of users and reviewers. Look to see how recently the entities associated with the project were created. Be suspicious of new accounts with only a few tweets. Check the number of followers, too. Tools like Sparktoro are another way you can check real v fake followers.

How much testing has been done?

We would expect a good project to have been active on the testnet – and offering commentary in social channels – before its mainnet launch. Promoting the testnet launch through social media to allow end-users to test and build their understanding.

Has an external audit been conducted?

Look for a respected organization that is independent of the developer. See below for some useful organizations.

Review the product against your requirements

No matter how good the product, it must be right for you. If you are looking to earn extra ada rewards or trade, it remains forever true – never risk more than you can afford to lose.

Some useful organizations

External organizations can help you learn more about the developer of the DApp. Also, DApp developers can enlist external companies to help with the development process.

More information about developers

  • Check the Binance Project Reports page. It aims to cover the top crypto-projects and provide unbiased information.

  • The Messari site provides research reports for organizations or individuals.

  • Crunchbase provides data about organizations and individuals. There is a free trial; otherwise, this is a paid service.

  • PitchBook is a financial data and software company. There is a free trial option available here too.

  • Search LinkedIn profiles of people and companies.

  • Use BetterWhois or a similar registry to find out when a website was created and basic details of who is behind it.

Companies that help with DApp development

  • QuviQ is a Swedish company that specializes in property-based testing.

  • Runtime Verification performs security audits.

  • Certik, founded in 2018 by Yale University and Columbia University academics, is a pioneer in blockchain security. Certik uses best-in-class AI technology to secure and monitor blockchain protocols and smart contracts.

  • Tweag is a software innovation lab that helps technology start-ups improve their engineering performance and execute high-risk, high-reward projects.

As intelligent, skeptical consumers, users must demand only the best DApps. Supporting great DApps will nourish a population of honest, trustworthy developers. Together, we will reach our goal of becoming a flourishing, self-governing community.

Last updated