“Ethereum is a Dark Forest” by Dan Robinson and Georgious Konstantopoulos is an iconic article in the crypto world. Though it is focusing on a specific danger, the description easily applies to almost all the features of the DeFi space (and all blockchains this space occupies).
You've heard about (these chances before) - they're really good, but there are risks involved. Significant, unexpected, and numerous ones. Like the risk of buying a token - tokenomics is important, but it's also a risky venture. Just like with investing in tokens, there's a risk that tokenomics will surprise you in a most unpleasant way.
“Scam/honeypot” tokens can easily take your money and leave you holding a useless bag you can never get rid of. Just search the web for “Squid Token” and you will see what I am talking about. Even legit tokens may have features you are not comfortable with. Fees/tax on the transfer, locking periods, and penalties for interrupting vesting schedules among other similar stipulations can be coded in the token smart contract. You should be aware that these features will seriously limit your options after purchasing the token and there is a risk of losing money if you're not familiar with them.
“DYOR” (do your own research) is generally not a suggestion made out of laziness. It is a must; only through research do you have the chance to really understand what kind of project/token you are about to put your money into. It’s actually a very important life lesson that can help you avoid common mistakes. And DYOR does not mean to check social media for the latest shilling posts. “My friend told me about this great new token,” also does not count… unless your friend reads smart contracts for fun :D. Project websites, whitepapers, medium articles, team members, and audits of the token smart contracts - are what you should check. If any of these elements are missing, it is enough to warrant a hit on the breaks.
- Websites - check the URL (make sure it starts with “https:// “ and that you see the lock icon in the address bar). See if it offers all the needed information (Road map, Team members, Whitepapers, links to the official discord server, Twitter account, project articles on medium.io, etc..)
- Team members - even if developers are anons, that does not necessarily mean that no info about them can be found. Search the web for whatever background you can find. Lack of such should rise your caution.
- Whitepapers - read that carefully, make sure you understand it. Especially the tokenomics part (remember - fee/tax on the transfer, locking periods, penalties…)
- Audits - this is what you can trust most (though even audits do not guarantee 100% safety), but always check the timeline - when and which version of the code was audited. Another problem is that audits are expensive and newly launched projects hardly can afford one. Not being audited does not mean something is a scam but increases the risk level.
- Token address - check it on the blockchain explorer (etherscan.io, polygonscan.com, bscscan.com). Copy the token address and paste it into the search bar of the explorer to see token details. Check if the contract is verified - non-verified contracts can not be read. Click on the “Token Tracker” to see some additional info about the project website and token holders. If only 5-10 private addresses hold most of the token supply there is a high risk of a rug-pull or a dump; better avoid buying.
- Check the token on some app like DexTools (dextools.io) to see pools, what liquidity, and what DEXs there are for the given token. You can also see ‘buy’ and ‘sell’ transactions that are happening. If there are only ‘buy’ ones probably should stay away. Also, avoid pools with low liquidity.
There are enough articles on the web that can give you exact details about the red flags you should look for. Take your time and read. If you still want to skip all this, at least always check the token’s address. Make sure that it is the same as the one in the project documentation. Also check it on a honeypot detector (like this: https://detecthoneypot.com/), especially if it is a newly released token. It won’t give you a hundred percent guarantee but may help you avoid the most common scams.
Remember that anyone can create any token (with any name even using the name of a well-known and existing project) and set a trading pair for it on any DEX. The fact that a given token is listed on a DEX does not offer guarantees or protection. DEXs do not and can not control this process. Never let the “fear of missing out” grow stronger than the “fear of being rekt.”
Light the Torch of Knowledge - you going to need it on the dangerous paths of the “Dark Forest.”
(P.S.) You can always ask for some help on the Discord server of the DEX on which you are planning to make the swap. Your questions will be answered. Just remember - do not trust people who are sending you DMs (direct messages)… unfortunately they are likely scams. No official support members (or community members who are really willing to help) will ever DM you first!