CoinRisk - Risk Analytics in Web3

CoinRisk started the alpha testing of its self-serving audit service, inviting projects to test the features and to provide feedback to us. We can build trust in Web3 by identifying meaningful projects with good intentions and defining the risk they carry. Regarding the analytics offering of our platform, investors will have the chance to compare the risks of projects with each other and further, with an industry benchmark. To understand the aggregated risk of a project, we examine and define the risk of four verticals: tokenomics, technology, finance & operations. 

Let’s dig deeper into each vertical.

Tokenomics Risk

Analytics can cover a wide range in Web3 and tools like Dune Analytics or Glassnode provide extremely useful insights when it comes to on-chain and exchange data.. We will provide analytics based on on-chain data and our thorough auditing process. That way, conclusions can be drawn much better to decide what risks a project entails and understand the potential impact. Let’s take a look at one example of what we think is crucial and will help investors a lot when considering investing in a Web3 project. Imagine there is a project involving its own token that is now offering a public sale at 1€ per token while the pre-sale price was at 0.1€. Once the token will be available on secondary markets, you know that the investors during the pre-sale are now sitting on a 10x price increase which will lead to a heavy sell-off in a rational market environment. The risk of the token falling in price will be high, especially once the hype around the project weakens. At CoinRisk we can assess this risk and combined with cliff and vesting schedules, understand when sell pressure risk might be extremely high. One of our upcoming features will be to send notifications to investors if sudden threats occur or existing risks compound.

Technology Risk

Aside from tokenomics risks, we will also define a technology risk, focusing much on the control and funds of a contract. We will provide a list of all criteria that are examined and we will be adding more over time. As an inexperienced user in the crypto space, especially in DeFi it is impossible to understand the technology risk e.g. price feed oracles being manipulated or contracts that only let you buy tokens, but not sell them again (called honeypot in DeFi slang). We would like to emphasize that we do not see ourselves as a replacement for a security audit, but rather as a complementary audit. We have partnered with a security auditor and seek to partner with other security players in the DeFi space to provide services related to security beyond our own offering. Audits should be ongoing and therefore, it can be valuable to quickly examine your contracts by our tool every time changes have been made to the smart contract code. We add an audit trail to understand the gaps in which the code was changed without an audit confirming the most updated version.

Financial Risk

Another important field we assess is financial risk. We will include numerous KPIs which are typical for traditional finance such as Value at Risk. Investors will have the chance to choose specific ratios such as Total Value Locked (TVL) or market capitalization to compare projects directly. Furthermore, we analyze the treasury addresses of the respective project to examine the volatility and therefore, the risk of sell-offs and price drops. We will encourage projects to hold some part of their treasury in stable coins to be less exposed to the strong volatility in the crypto market. At a later stage, we will include the analysis of ongoing costs and revenue streams to draw conclusions on the project’s financial performance. 

Operational Risk

Although most risk assessments in Web3 neglect operational risk, it is still a crucial factor that can potentially lead to severe losses in a project, as operational processes ultimately decide if a project succeeds or fails in the long run. For now, we are assessing the treasury access process of a project. First of all, we check whether there is a multi-signature wallet in place and if so, what the number of signers is together with the % of approval needed to confirm a transaction. Only one person having access to the treasury would lead to a high risk as this person could solely decide what to do with the funds. Even if more signers of a multi-signature wallet are needed to confirm a transaction, the risk of collusion exists. We will also consider if the team’s identity is revealed to the public or at least known within a community by pseudonyms. At a later stage, we will give projects the opportunity to KYC with us, to be able to stay anonymous in public, but to show that there is no intention to rug pull the respective project. 

Lastly, we will audit general criteria such as community size and growth e.g. using Twitter or Discord as reference. The success of an early-stage project is highly dependent on its community. The GitHub activity can indicate consistency in the long-term and also to what extent the project is developed open-source. At a later stage, we would like to audit the whitepaper on criteria such as technicality and completeness. 

Aside from the areas covered by our audit, a project faces more risks e.g. legal implications. As this strongly depends on the legal establishment (if there is any in place) and on each  case, we prefer to leave this to lawyers specialized in this domain. We are planning to partner with law firms to help projects  receive the legal advice they need. 

It is likely that actors with malicious intentions such as rug pulls will avoid being audited by CoinRisk as it could reveal their real motives. Furthermore, any audit carries a detection risk meaning that one project should have multiple audits and they should be on-going if the code is changed frequently.

A sneak preview of our future dashboard (exemplary values shown)

On our dashboard users will be able to filter by category and the desired risk exposure. More details of each vertical will be provided on a separate page that is dedicated to a more visual approach including graphs and statistics. 

Feel free to contact us if you have any questions, doubts, or feedback. If you are a part of a Web3 project and interested in an audit, let us know!