CertiK Logo
CertiK Logo
Products
Company
incident-response
Back to all stories
Blogs
Top 3 Due Diligence Tools for Crypto Enthusiasts
10/6/2022

The phrase “do your own research” (DYOR) is thrown around a lot in crypto. And it’s certainly an essential part of the investment process. With far too many influencers and celebrities promoting crypto projects of dubious quality, it ultimately falls on each individual user to understand the risks and rewards of investing in their chosen projects.

But doing your own research is much easier said than done. With the overwhelming amount of information surrounding various projects, it can be difficult to separate the signal from the noise.

Let’s start by going over the essential questions a prospective user of or investor in a Web3 platform should answer before committing their hard-earned money to a project.

Top 3 Due Diligence Tools for Crypto Enthusiasts

Tokenomics:

☐ What is the token’s price, circulating supply, and market capitalization?

☐ What proportion of the token supply do whales control?

☐ Is there sufficient liquidity on a range of token pairs?

☐ Does the token’s volatility fall within an acceptable range?

Security:

☐ Is the project security audited?

☐ Has the team resolved all vulnerabilities discovered after the audit report?

☐ Has the project committed to ongoing security by making use of post-deployment monitoring tools?

☐ Are the project team and founders trustworthy? Have they passed KYC?

Community:

☐ How positive is the project’s community?

☐ Is the project’s social media active?

☐ How many mentions is the project getting on social media?

But where can a user or investor find the reliable data required to arrive at answers to these questions?

Let’s explore the top three tools that are out there that make it easy to DYOR and check off each of these key questions to ask before interacting with any Web3 platform.

1. CoinMarketCap

CoinMarketCap is a one-stop shop for everything price-related. The main feature of the homepage is the ranking of cryptocurrencies by market capitalization. This dashboard gives a lot of insight into the current state of the market, providing data on price movements over the last hour, the last 24 hours, and the last week, in addition to trading volumes and the circulating supply of different assets.

CoinMarketCap

If you’re looking to explore new ecosystems and assets, you can filter by category – DeFi, NFT, Metaverse tokens, etc. – and by blockchain – Avalanche, BNB Chain, Polkadot, Solana, and more.

CoinMarketCap also provides data on centralized and decentralized exchanges, as well as lending and derivatives platforms.

Clicking into any asset will take you to a detailed page, from which you can explore the token’s price history, trading volume, market capitalization, and more. This is essential information to understand before getting involved with a project, since all token-based projects involve price risk to some degree.

What is the token’s price, circulating supply, and market capitalization?

Most asset pages also have links to the project’s whitepaper, social media, and official website – all important resources to fully understand a platform before diving in.

2. Security Leaderboard 360

When it comes to security, there’s really only one resource where you’ll find all the answers to security-related questions in one place.

Security Leaderboard Homepage

CertiK’s Security Leaderboard 360 aggregates hundreds of data points into easy-to-read dashboards that make it the ideal one stop platform for any user conducting their due diligence on a project. Security must be a top priority for any prospective user of a Web3 platform. There are no heavily guarded bank vaults in DeFi – billions of dollars of value are protected by a handful of lines of code. This means that ensuring the security of this code must be the number one priority for developers and users alike.

Pre-launch smart contract auditing, and continuous auditing when contracts are updated, is the default for all projects that take security seriously. A project that is unwilling to be audited, or even participate in KYC verification by a reputable security firm has most likely something to hide and should not be trusted with even a single wei.

However, we’ve seen unscrupulous projects claim to be audited when in fact they have not been. This is a major red flag, but how can users be sure that an auditing firm has in fact verified a project’s code?

The CertiK Security Leaderboard makes it easy not just to confirm whether or not a project has been audited, but also to examine the results of any audit. There’s not much benefit gained from an audit if the team behind a project fails to address the vulnerabilities discovered.

For example, let’s look at the audit history for ApeCoin.

ApeCoin Audit

Here, we can see that ApeCoin’s smart contract was audited earlier this year. The Audit Module provides a wealth of information, from the blockchain the project runs on (Ethereum), to the number of findings in the final audit report (seven, of which six were completely resolved and one was partially resolved or mitigated).

Is the project audited?

Conducting meaningful due diligence means fully understanding the risks of a project before getting involved with it. Does this “partially resolved” vulnerability mean ApeCoin is too risky to invest in? Let’s dig deeper.

Clicking View Findings brings us immediately to the issue at hand: a centralization risk relating to the initial token distribution.

ApeCoin Audit Findings

As we can see, all of the tokens are distributed by a single address. This is an efficient, although centralized, way of conducting the initial distribution.

So does this mean you should stay away from ApeCoin? Depending on your risk tolerance, the answer is probably not. The team acknowledged the issue and publicly outlined their distribution process, publishing a list of their treasury wallets.

Has the team resolved all vulnerabilities discovered during auditing?

If we head over to Aave’s entry on the Leaderboard, we can explore another critical security consideration: post-deployment monitoring.

Aave Leaderboard

While pre-deployment auditing is an essential first step, smart contracts are deployed into a live and adversarial environment. Consequently, they require ongoing monitoring. The Skynet Trust Score continuously aggregates dozens of data points to arrive at a project’s overall score. The first component of this score – the Security Score – is based on multiple metrics, including a project’s audit history, the code’s similarity to previously-exploited contracts, whether the team is publicly identifiable or not, the number of privileged functions and wallets, and much more.

Has the project committed to ongoing security by making use of post-deployment monitoring tools?

The second component of the Skynet Trust Score focuses on the Market and Community module.

To explore this, let’s choose an NFT project, since NFTs rely so heavily on the strength of their community to promote and utilize their non-fungible tokens. The Leaderboard makes it easy to find all NFT projects listed simply by using the Category menu at the top of the dashboard.

Leaderboard Sorting

Let’s go with Decentraland, a 3D virtual world browser-based platform that allows users to buy virtual plots of land in the platform as NFTs via the MANA cryptocurrency, which operates on the Ethereum blockchain.

Since this is a social platform, any prospective user of Decentraland or investor in the MANA token would do well to understand the activity surrounding the project on social media.

Decentraland Social Analysis

The Social Analysis dashboard provides a springboard for further exploration of the community supporting a project. Latest tweets from the official Twitter account are linked at the bottom, along with important influencers that shape opinion. The total number of followers of Decentraland’s Twitter account is clearly displayed, along with the number of mentions the project is receiving.

Is the project’s social media active?

How many mentions is the project getting on social media?

Up the top of the dashboard, we can see that Decentraland’s Social Sentiment Index is holding up well despite the lower Price Sentiment Index, which reflects the broader market downturn. Comparing these two scores is a quick and easy way of gauging a community’s positivity: a relatively high SSI is a good sign that users are in it for the long haul and short term price action, measured by the PSI, is taking a backseat.

How positive is the project’s community?

After researching a project up to this point and determining that the whitepaper makes sense, the tokenomics are sound, and the project has a verifiable commitment to security, you might be ready to invest.

But first, you’ll want to check out the Security Leaderboard’s Market Volatility and Liquidity section. This will help you to gauge the risk you’re taking on when investing at current prices and quickly check which markets offer the deepest liquidity, which will minimize slippage and maximize the value of your investment.

Shiba Market Analysis

Shiba Inu’s entry on the Security Leaderboard clearly displays the major trading pairs and market liquidity for the SHIB token. 70% of trading volume takes place on ShibaSwap, with the remaining 30% mostly concentrated on Uniswap. With $7.3 million of liquidity, the SHIB/WETH trading pair is the deepest market for the token.

Is there sufficient liquidity on a range of token pairs?

SHIB’s RVI (Relative Volatility Index) score of 50 is right in the middle of the index, indicating that recent volatility is neither overwhelmingly to the upside nor to the downside. High volatility may be a hallmark of crypto markets, but prospective investors will gain a useful insight into the relative risk and reward on offer by consulting the RVI.

Does the token’s volatility fall within an acceptable range?

And finally on the security front, has the team been publicly identified and gone through KYC? This is an important step that helps build trust with users and investors. Anonymous founders do not expose themselves to the same reputational risks as those who are happy to put their name behind their project.

KYC Module

The Leaderboard makes it easy to check which teams have gone through KYC.

Are the project team and founders trustworthy? Have they passed KYC?

3. Dune Analytics

Dune Analytics is a highly-customizable platform that allows you to create your own data-driven dashboards and explore thousands created by others.

Dune DEX Metrics Exploring DEX Metrics on Dune

The little tick down the bottom right of each module confirms that the data displayed is up to date. If you see a red exclamation point, click it to find out when the data was last refreshed.

Dune is a powerful platform for obtaining deep insights into crypto projects and tracking metrics over time. There are more than 39,000 unique user-created dashboards on the site. This might seem like an intimidating figure, but sorting dashboards by the number of favorites makes it simple to find those which are providing value to the greatest number of people.

Dune Sort Dashboards

Dune dashboards excel at providing global insights into major sectors of the crypto industry. However, with a bit of digging you can also find more specialized data focusing on individual projects.

For example, let’s take a look at the distribution of the LINK token. Ideally, a token will have a highly diverse distribution. A handful of wallets controlling a large percentage of the total supply is a sword of Damocles hanging above the heads of all other investors, since the whales could dump their holdings at any time and tank the price.

Dune LINK Chainlink Dashboard on Dune

What proportion of the token supply do whales control?

Other Platforms

These three platforms are just some of the dozens of research tools that are out there. In this article, we focused on free tools that are available to everyone. Minimizing barriers to entry is an essential step towards maximizing financial inclusion and bringing the benefits of free and open markets to the most people possible.

Other powerful tools that help with conducting due diligence include Nansen, Messari, and Santiment. All of these platforms offer free trials, which allow you to get a full understanding of the value offered before committing to an ongoing paid membership.

Doing your own research can often feel like an overwhelming task due to the sheer volume of data that exists in the crypto space. The tools outlined in this article make the task of conducting due diligence much more approachable, effective, and efficient. Equipped with this knowledge, Web3 users and investors can make better informed decisions about the projects they get involved with.