ABCDEFGHIJKLMNOPQRSTUVWXYZ
1
Instructions to project team
Notes
Risks being evaluated
2
Q1
Have the contracts been audited by professional auditing firms?
Project needs to have all susceptible contracts audited. Even if an audit will not catch all risks, this gives us the proper PR protection if the project has an issue
Smart Contract Bug/malicious owner
3
Please provide link to audit reports
4
5
Q2
What is the project's inception date?
Older projects are safer than new ones, especially if they have not suffered any hacks or exploits.
Rug pull
6
7
Q3
Has your project ever been involved with a hack or exploit?
The longer a project is in existence without an exploit, the more secure it likely is.
Protocol security
8
9
Q4
What safety measures are in place to secure your protocol from centralization risk? What contracts are not under timelock? Who has multi-sig?
Rug pull
10
E.g., Timelock function, multi-sig, etc.
11
12
Q5
Does your token have a maximum supply cap?
Rug pull
13
Provide proof - e.g., line in the Token contract code that shows maximum supply amount
14
15
Q6
Mint function. If Token does not have maximum supply, how is the mint function controlled?
Infinite mint is not necessarily bad; this can be a design characteristic. What's bad is they can suddenly mint and sell massive ammounts of tokens.
Rug pull / smart contract bug
16
Provide brief explanation and control in place - e.g., how to prevent massive sudden mint, etc.
17
18
Q7
Centralized treasury. If the protocol collects fees, where do they go and how are they controlled? Is there any kind of treasury or insurance fund under centralized control?
This is one attack vector most audit firms do not consider at the moment
Rug pull
19
Provide brief explanation and control in place - e.g., how to prevent team from pulling out treasury funds
20
21
Q8
Migration Function. Is there a migration function in the code? Why is this there and how to control this function from making a malicious action?
Rug pull
22
Provide brief explanation and control in place - e.g., how to prevent team from pulling out treasury funds
23
24
Q9
Upgradeable contracts. Are the contracts upgradeable? Why is this there and how to control this function from making a malicious action?
Rug pull
25
Provide brief explanation and control in place - e.g., how to prevent team from pulling out treasury funds
26
27
Q10
Third-party risk. What underlying external parties do your contracts rely on?
Protocol security
28
29
Q11
Where are tokens currently listed?
Price manipulation
30
List all the CEX and DEX
31
32
Q12
Please briefly describe the utility of your tokens and all the relevant tokenomics (e.g., burn, staking, locking, etc.)
Rug pull (judge by the usefulness of token)/Price dump risk(if token is useless)
33
34
Q13
Does your token have any advanced mechanics such as deflationary/rebase/reflexive?
These mechanics can potentially cause technical issues, especially involving integrations with other protocols.
Rug pull (judge by the usefulness of token)/Price dump risk(if token is useless)
35
36
Q14
Please share your project's roadmap
Rug pull (judge by the quality of plan)
37
38
Q15
What % of the token supply is/will be controlled by the team
Rug pull
39
40
Q16
What % of the token supply is controlled by investors? What is the token distribution model?
Price dumping
41
42
Q17
Please share the profile of key team members
Rug pull/Protocol security
43
If team is anonymous, please share what info you can about core team's background
44
45
Q18
What monitoring or controls do you have in place that could catch issues, halt functions, or delay attacks to protect assets?
Protocol security
46
47
Q19
Do you have a bug bounty program in place/planned?
Protocol security
48
49
Q20
Safety practices. Is there someone dedicated to security on the team? Does your git include your test/QA scripts? Describe your current IS/QA processes? Will you commit to auditing your code at least quarterly/semi-annually/annually and for major updates and releases?
Protocol security
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100