Doing Your Own Research

What does it all mean?

What Should You Look For?

Everyone talks about doing your own research, but what do they mean? What should you look for?

In the following, non-exhaustive list, let’s review a few basic things to check for when you’re considering a new investment.

When a project claims that ownership is renounced, it’s important to verify this in actuality. Select the “read” tab on the contract’s BSCscan page and check the owner address is no longer the creator address, as seen in line 12 above.

If the owner address is still the same wallet address as the contract creator, rather than the 00000x00000dead address, the ownership is not renounced.

Although some projects require retention of contract ownership, many do not. If a project claims ownership is renounced and it is not in actuality, this should be considered a red flag.

An unrenounced contract can activate/utilize functions that may not have otherwise been successful. With that being said, a contract not being renounced, may not be nefarious, in and of itself. Always ensure that you are considering multiple factors when doing your research.

Check to ensure that the source code has been uploaded and verified by BSCscan. If a source code is not uploaded or verified, the project should typically be considered unsafe.

Without a source code uploaded, the developer in question has the ability to utilize any and all potentially nefarious functions in a contract, without investors’ knowledge.

One of the most common scam-type projects, a honey pot, commonly does not have the source code uploaded.

A mint function, with certain legitimate applications, is a nefarious piece of code, when used as such. The mint function allows developers to create a new supply of tokens at will.

Mint functions can have a legitimate purpose (in a very small number of cases within BSC), but this is typically not the case. If the project requires a mint function, the developer should have this outlined very clearly in the white paper and should be able to answer questions about it promptly.

If a developer is unwilling, or unable to explain this function, the investment may be incredibly unsafe.

Much of source code evaluation should be done with context in mind. The above code shows an example that would allow a contract owner to reclaim ownership after a finite period. It is important to remember that many source codes are complete clones of other contracts and the developer may not be aware of what has been written. This coding can typically be used in a nefarious manner, or is placed due to lack of knowledge, neither of which indicate an overly safe investment.

Utilize the tools at your disposal! Poocoin has a dev wallet checker available under the information tab of any contract. Although there may be a legitimate reason for multiple transactions, it is usually contained within the scope of the project. Many, many transactions from a developer wallet, can sometimes signal nefarious behaviour. Be sure to reference the project’s white paper and ask the developer for clarification.

Were any earlier transactions made, for solely the gas fees? As shown above, this developer funded multiple wallets, with 1% of the total supply, for free. Some projects announce this and the dev wallets are completely legitimate, while others perform this action to drain the liquidity pool from investors. This is commonly referred to as a slow rug.

Is the liquidity pool locked? If no, the developer, or contract owner, can rug pull the token at will. If liquidity is held in an unlocked wallet, the information tab on Poocoin will produce a warning in red, as seen above. The screenshot above is an example of the warning and does not mean the project has nefarious intentions.

Who holds the liquidity tokens? How were they obtained? Some contracts use hidden (intentional, or unintentional) exploits in their source code, which allows for liquidity pool tokens to be reflected for free. An easy way to check the liquidity token holders, is through the information tab on Poocoin. Nefarious holders of liquidity pool tokens can crash a project on their own actions, through this source alone.

Is the project audited? There are many reasons for a project to be audited. Audits provide an unbiased overview of the project in question. Security functions are tested, source codes are reviewed and liquidity is checked. Certik and Techrate are two widely recognized auditing companies. Be cautious of any auditing certificate/service, which is not widely accepted/known.