A framework for conducting your own research (DYOR) to assess the viability, security, and sustainability of new decentralized finance projects before investing.
LABS
Guides
How to Evaluate a New DeFi Project (DYOR Framework)
A technical framework for systematic due diligence on decentralized finance protocols.
Chainscore © 2025
core-pillars
The Four Pillars of DeFi Due Diligence
01
Project Fundamentals & Team
Team transparency and tokenomics are critical. Investigate the founding team's public identity, experience, and past projects. Scrutinize the token distribution model, vesting schedules, and total supply.
- Check for doxxed team members on LinkedIn or GitHub.
- Analyze if tokens are fairly distributed or concentrated with insiders.
- Example: A project with anonymous founders and 40% of tokens allocated to the team is a major red flag.
This matters because a credible, skilled team with aligned incentives is foundational for long-term success and reduces rug-pull risks.
02
Smart Contract Security
Code audits and bug bounties are non-negotiable for securing user funds. Never trust unaudited code. Look for multiple audits from reputable firms and an active bug bounty program on platforms like Immunefi.
- Review audit reports for critical vs. informational findings and see if fixes were implemented.
- Check if the project uses established, audited libraries like OpenZeppelin.
- Use case: Before depositing in a new lending protocol, verify its audits match the live contract addresses on Etherscan.
This directly protects your capital from exploits and hacks due to vulnerabilities.
03
Product & Market Fit
Value proposition and competitive analysis determine real-world utility. Assess if the project solves a genuine problem or is merely a copycat. Evaluate the Total Addressable Market (TAM) and the project's unique advantages.
- Does it offer superior yields, lower fees, or novel features than incumbents like Uniswap or Aave?
- Analyze on-chain metrics like Total Value Locked (TVL) growth and user activity.
- Example: A new DEX must justify why users would switch from established platforms.
This ensures the project has a sustainable reason to exist and grow in a crowded market.
04
Community & Decentralization
Governance activity and community health signal long-term resilience. A vibrant, engaged community and a functional decentralized governance model are vital. Examine proposal history, voter turnout, and discussion forums.
- Is governance token voting power overly concentrated?
- Monitor community sentiment on Discord and Twitter for red flags or enthusiasm.
- Real example: MakerDAO's active governance forum shows a robust, decentralized decision-making process.
This pillar matters because a strong, decentralized community can steer the project through challenges and prevent centralized control.
A Step-by-Step Investigation Process
A comprehensive framework for conducting Due Diligence on Your Own Research (DYOR) for any new DeFi project, focusing on team, technology, tokenomics, and security.
1
Step 1: Scrutinize the Team and Documentation
Investigate the project's creators, roadmap, and foundational documents.
Detailed Instructions
Start by verifying the project's legitimacy through its public-facing information. A credible team is the cornerstone of any trustworthy project.
- Sub-step 1: Research the Team: Use LinkedIn, GitHub, and professional networks to verify the identities and experience of core team members and advisors. Be wary of anonymous teams or those with fabricated profiles.
- Sub-step 2: Audit the Documentation: Thoroughly read the whitepaper, litepaper, and technical documentation. Look for a clear problem statement, innovative solution, and detailed technical architecture. Check for plagiarism using online tools.
- Sub-step 3: Review the Roadmap: Assess the project's roadmap and past milestones. A realistic, time-bound roadmap with regular, verifiable updates (e.g., GitHub commits) indicates active development.
Tip: Search for the team's names alongside keywords like "scam" or "fraud" on crypto forums. A lack of a public audit trail for anonymous teams is a major red flag.
2
Step 2: Analyze the Smart Contracts and Code
Examine the project's technical foundation for security and functionality.
Detailed Instructions
This step focuses on the project's technical backbone. Even with a great idea, vulnerable code can lead to catastrophic losses.
- Sub-step 1: Locate the Source Code: Find the project's official repositories on GitHub or GitLab. Verify the organization or user account is linked from the project's official website.
- Sub-step 2: Check for Audits: Look for third-party security audit reports from reputable firms like CertiK, OpenZeppelin, or Trail of Bits. Read the reports thoroughly, paying attention to the severity of findings and whether they have been resolved. For example, check if a contract address
0x742d35Cc6634C0532925a3b844Bc9ehas a public audit. - Sub-step 3: Review Code Activity: Analyze the repository's activity. Look for frequent commits, multiple contributors, and recent updates. A dormant GitHub is a warning sign.
code// Example command to clone and examine a repo $ git clone https://github.com/ExampleProject/contracts.git $ cd contracts $ grep -r "onlyOwner" . // Search for privileged functions
Tip: Use tools like Dedaub or Etherscan's Contract Tab to visualize contract inheritance and function calls without deep coding knowledge.
3
Step 3: Deconstruct the Tokenomics and Supply
Evaluate the token's economic model, distribution, and vesting schedules.
Detailed Instructions
Tokenomics determines the long-term viability and potential value accrual of the project's native token. Poor design often leads to hyperinflation and dumping.
- Sub-step 1: Examine Token Distribution: Find the breakdown of the total supply allocation (e.g., Team, Investors, Treasury, Community). A fair launch with a large public allocation is generally healthier than one where insiders control >40%.
- Sub-step 2: Analyze Vesting Schedules: Check vesting schedules for team and investor tokens. Long, linear vesting (e.g., 3-4 years) aligns long-term interests. Use a block explorer to see locked contract addresses, like
0x5a6A4D54456819380173272A5E8E9B9904BdF41Bfor a Curve vesting contract. - Sub-step 3: Understand Utility and Inflation: Determine the token's use cases (governance, staking, fees) and its emission/inflation rate. Calculate the fully diluted valuation (FDV) and compare it to the market cap.
Tip: Use platforms like TokenUnlocks.app or CryptoRank.io to visualize upcoming token unlocks, which can create significant sell pressure.
4
Step 4: Assess On-Chain Metrics and Community
Verify real usage, liquidity, and community sentiment through on-chain data.
Detailed Instructions
Move beyond promises and verify real-world adoption and financial health using immutable on-chain data.
- Sub-step 1: Analyze Liquidity and Volume: Use DeFiLlama or DEX Screener to check Total Value Locked (TVL), liquidity pool depth, and 24-hour trading volume. Deep liquidity on a major DEX like Uniswap V3 is crucial. Be skeptical of pools with low liquidity relative to market cap.
- Sub-step 2: Track Holder Distribution: On Etherscan or BscScan, examine the token holder distribution. A highly concentrated top 10 holders (>60% of supply) poses a centralization and manipulation risk.
- Sub-step 3: Gauge Community Health: Monitor the project's Discord, Telegram, and Twitter for developer engagement, quality of support, and overall sentiment. Look for organic growth, not paid shilling.
code// Example SQL-like query for Dune Analytics to get holder stats SELECT holder_address, SUM(value) as balance FROM erc20_ethereum.ez_token_transfers WHERE contract_address = '0x1f9840a85d5af5bf1d1762f925bdaddc4201f984' -- UNI token example GROUP BY 1 ORDER BY 2 DESC LIMIT 10;
Tip: A sudden, massive spike in TVL or social followers can be a sign of a short-term farming incentive or even a bot attack, not organic growth.
Common DeFi Project Archetypes and Risk Profiles
Comparison overview of key characteristics and associated risks for major DeFi project types.
| Archetype | Primary Value Proposition | Key Risk Factors | Example Projects |
|---|---|---|---|
Decentralized Exchange (DEX) | Permissionless token swaps & liquidity provision | Impermanent loss, smart contract bugs, governance centralization | Uniswap, Curve, PancakeSwap |
Lending & Borrowing Protocol | Earn yield on deposits or access leveraged positions | Oracle failure, liquidity crunches, collateral volatility | Aave, Compound, MakerDAO |
Liquid Staking Derivative (LSD) | Earn staking rewards while maintaining liquidity | Validator slashing, de-pegging risk, centralization of node operators | Lido, Rocket Pool, Frax Ether |
Yield Aggregator / Vault | Automated strategy optimization for maximized APY | Strategy failure, protocol dependency, complex smart contract risk | Yearn Finance, Beefy Finance, Convex Finance |
Cross-Chain Bridge | Asset and data transfer between blockchains | Bridge exploit (custodial/validator), message verification failure | Wormhole, LayerZero, Multichain |
Derivatives & Perpetuals DEX | Leveraged trading with on-chain settlement | Liquidation cascade risk, funding rate manipulation, low liquidity | dYdX, GMX, Synthetix |
Rebasing / Algorithmic Stablecoin | Decentralized, non-collateralized price stability | Death spiral from loss of peg, hyperinflation of supply | Olympus DAO (OHM), Ampleforth, Empty Set Dollar (ESD) |
Evaluating for Different Roles
Understanding the Basics
Due Diligence is the process of researching a project before investing. For newcomers, focus on the fundamentals and avoid complex jargon.
Key Points to Research
- Team & Transparency: Look for a public, doxxed team with verifiable experience. Anonymous teams, like early SushiSwap, carry higher risk. Check their LinkedIn and project blogs.
- Tokenomics & Supply: Understand the token's purpose. Is it for governance (like UNI) or fees? Check its total and circulating supply on CoinGecko to assess inflation.
- Community & Social Proof: A strong, active community on Discord or Twitter is a positive signal. Beware of groups filled with hype and paid shills.
Practical First Step
When exploring a new project like Aave, start by reading its official documentation and whitepaper. Then, visit its DeFiLlama page to check its Total Value Locked (TVL) growth trend. A steadily rising TVL often indicates growing user trust and protocol health.
Critical Questions and Nuanced Answers
Code audit is the starting point, but not the finish line. A clean audit from a reputable firm like OpenZeppelin or CertiK is essential, but it's a snapshot in time and doesn't guarantee future safety.
- Review the scope: Audits often exclude peripheral contracts like price oracles or admin multisigs, which can be attack vectors.
- Check for time in production: Code that has managed significant Total Value Locked (TVL) for months without exploits is a strong signal.
- Monitor bug bounty programs: Active programs on platforms like Immunefi show a commitment to ongoing security.
For example, the Euler Finance hack in 2023 exploited a logic flaw in a donation mechanism, despite previous audits, highlighting the need for layered defense.