The StarkNet Fam is on the lookout.

•

What is the most efficient way to DYOR microcaps on Ethereum's L2 StarkNet? Here is a mega-thread to avoid getting rugged and scammed. Including analysis of github, whitepaper, socials, etherscan and smart contracts. mega-thread🧵

There are many scams and tactics used to swindle degens out of their money. Honeypots and rugpulls are common names to get rekt. I want to help the StarkNet fam avoid losing money with this content. Let's get into it and learn how to avoid scams!

1. Github I want to start with development activity. I love diving into GitHub repositories. For me, it's perhaps the most transparent way to track development. Tech is the only way to separate a StarkNet L2 project from the crowd. It must be constantly improved.

It's not really about reading the code. The core repositories should see a regular stream of commits. It is important that these repositories are active.

You can see their commits code frequency and contributors if they link to their GitHub in the insights tab. Here are the Pathfinder stats. Several commits and additions are being made regularly.

Check out the discussion around code additions on the Issues tab. On public code repositories, you can't see everything. Commits vary. Sometimes developers will code in private repositories first. Discord, Twitter, and Telegram are good places to ask questions.

2. Team It's all about the team. Startups with great teams have already cleared a major hurdle. A team with individuals with experience in the field is critical.

Ensure that all of that information is public and verifiable. Back in 2017, fake credentials were used to promote ICOs. Look at their LinkedIn, GitHub, Twitter, or other socials. I prefer projects with a developer-heavy team. It's all about technology.

Having people with a business or marketing background can help forge partnerships to increase awareness and adoption. When most of the team members are marketers and shills, I tend to walk away. Pseudonymous developers exist but Satoshi is an exception, not the rule.

3. White paper Whitepapers provide a lot of useful information. Another red flag is a really crappy or fluffy white paper. It is a good first step in understanding the project.

Among the most significant factors are vision, architecture, scalability, interoperability, roadmap, and a use case. While some visions are unique and ingenious, others are more generic. Architecture is the general structure of a project. Is it broad?

Can you build additional functionality on multiple layers? What makes this architecture unique among its peers. Scalability means that a project that cannot scale will eventually encounter bottlenecks. Many of the popular blockchains suffer from this problem.

Having interoperability means interacting with other projects and layers. This could give the project access to liquidity and other applications.

A roadmap is a crucial part of a growing project. Theoretically constructing your project is one thing. Executing it is quite another. Use cases are self-explanatory. Only if there are defined and reasonable use cases can you get adoption for a project.

4. Community A good fam can really help increase the awareness and adoption of a project A project community's dedication speaks volumes about its potential. I can easily tell what type of community we have by jumping into their Discord channels or reading their Telegram.

Are there many thoughtful discussions? How interested are users in the technology and adoption? How helpful are they to new members? Can they answer questions? In my opinion, these are good community indicators.

Passionate communities have staying power. They want to see their project adopted and know why it will be adopted. In addition, they are willing to make sure others are aware of the project.

A rushed website is a red flag! To check when a domain was registered for a website, go to whois.domaintools.com A domain registered within 24 hours of a project launch is likely to be a scam.

Scam projects often launch within days: • Site • Forked yield farm, NFT marketplace, etc. • Social media followers are in thousands • An airdrop/giveaway

Take a look at their Twitter and Telegram followers Bots and fake accounts are easy to spot. you can use this tool: followeraudit.com/fake-follower-audit

5. Examine the Contract Go to Etherscan -> Contract -> Code Check the "Compiler Version". most scams use an older version. It is very common for scam tokens to have v.0.5.17 and v.0.6.12. Latest solidity compiler version (currently Version 0.8.13 github.com/ethereum/solidity/releases

Search through the contract -> etherscan -> read contract check for “function mint” By using mint(), the contract owner can create new tokens whenever they want. For some legitimate projects like rewards or farming, this may be needed.

The submission date is also important to check. Stay away if the contract has several dates. They basically copied another contract and resubmitted it, so it appears twice.

Check the Liquidity Pool LP token holders can be rugged if someone controls them. Large wallets holding significant shares of the tokens as they can easily dump all their tokens and gouge the price.

A good way to avoid getting rugged on a project is to see if the liquidity pool tokens are locked or burned. You have two options to prove your project is not a rug pull: Locking the tokens for a specified period of time, or burning all or a percentage of the tokens they own.

By sending their LP tokens to a burn address, developers can burn their LP tokens. Burn address 0x000...00dEad is often used. For locking, a lock icon may appear next to a contract address. To check if the LP tokens are locked on L1, try app.unicrypt.network/amm for L2 tbd

Holdings analysis Go to Etherscan -> holder page. The holder page will let you know what the developers have done with the tokens, as well as who holds the most tokens. In order to hide the fact they still own tokens, a dev wallet might send like-kind amounts to other wallets.

If a large buy occurs within minutes after creating the LP token, it's probably a developer wallet and also a red flag. If there is still a contract owner, they can modify the code at any time. The owner of the contract renounces ownership to show they are not being sneaky.

The Source of funds is simple and effective Trackback to the first transaction in the contract creator's wallet to see how the devs sourced their funds. Was it a cex or other wallet? Tornado cash or other mixers may show up in internal transactions (often a red flag).

If one of these checks fails, it does not always mean it's a scam, but it's something to be aware of and if you ask the team they might have a plausible explanation. With this tool, you can automate many checks: tokensniffer.com/

Additional reading and H/T to: arxiv.org/pdf/2109.00229.pdf business2community.com/nft-news/nft-airdrop-scams-02461554 thedefiant.io/crypto-scams-are-out-of-control-again-heres-how-to-stop-them-forever/ listingspy.net/blog/en/how-to-avoid-crypto-scams-part-2 medium.com/blind-boxes/how-to-avoid-metamask-crypto-scams-8496a50ec206 youtube.com/watch?v=HCLWDGYnAzk medium.com/sentinel-protocol/tracking-the-stolen-assets-from-the-liquid-exchange-hacking-acd94e01c762

You can read the unrolled version of this thread here: typefully.com/odin_free/ob1FG8m