Staking is a wonderful feature in crypto that allows people to earn more money on their investment while holding it.
This feature works particularly well for long term holders who have an asset that they believe will flourish in the future as doing this allows them to earn passively while holding the asset which they were going to do regardless.
However, there are some staking platforms that are not as safe as others, here’s what to look at when deciding to stake…
Audits
Audits are an effective way to see if a project’s smart contract is legitimate. Audit companies do thorough examinations on smart contract code and how it is used to interact with the blockchain and project, it is often used to find errors or vulnerabilities that could be a risk to users.
Being audited is a green tick for a project when analysing if a platform is safe.
When checking if a project is audited it is important to research that the auditor is legitimate, the five most common and established crypto auditing companies are;
Certik, Hacken, Chainsulting, Solidproof and Quantstamp. If the project is audited by one of these companies (verifiable on Coinmarket cap, image below) then it is most likely safe smart-contract wise.
Note: vEmpire was audited by Solidproof
Multi-Signature, is it enabled?
Multi-signature, is it enabled?
Multi-signature is a security mechanism which staking pool managers should have enabled as it adds an extra layer of security.
Having this enabled means that a fund or vault requires multiple people’s approval (signatures) to confirm a transaction.
Gnosis safe is a digital safe that stores funds and allows for the multi-signature mechanism to be enabled.
This is important as it removes the threat of a single person hacking/controlling one wallet and removing all the secured funds because in order to make a transaction with Gnosis safe, a number of ‘owners’ must sign the transaction for it to be approved.
For example, the funds we manage are registered with 5 people, so if we want to confirm a transaction, 3 out of the 5 people will need to sign for the transaction to fulfill. This means one person does not have entire control over the safe.
A way to check if a project has Gnosis safe enabled, go to Etherscan and check in the top right of the token contract for a Multisig or Gnosis safe tag
You can also check this in the contract page of the contract stating the contract name as GnosisSafeProxy
Furthermore, if you cannot find it here, head over to the Gnosis Safe website and check if the wallet you are concerned about is connected (which have multisig enabled).
Alternatively, and probably the easiest way to do it is by asking the project’s community in Telegram or Discord for the contract address or the wallet address so you can verify that they have multisig enabled on both etherscan and Gnosis safe.
Do they have an ENS Domain to verify?
This isn’t necessarily a bad thing not to have but it does make things easier when verifying a wallet address. Having a .eth domain helps you spot a specific address without having to memorise numbers and letters, check that the address associated with the ENS domain is the correct one then you can use that address instead of using the confusing alternative.
This helps ensure that the transactions are going to the right place.
How long have they been operating?
Check how long they’ve been operating, if they’ve been live for a short amount of time, like 2/3 weeks then be very cautious, if they’ve been running for over 6 months, that’s a really good sign of longevity and a project that is somewhat established — most projects that scam will not make it to 6 months.
Lock-up Period
When you stake there is a certain amount of time that the asset is locked for, meaning you do not have access to it until that time is finished.
This presents a few risks that you should be aware of;
Decreasing of value — during your lock-up the value of your asset may decrease, and this may be worrisome because you do not have access to sell it, therefore before deciding you should understand that the value may fluctuate and unless you are in a stablecoin (still somewhat risky), your overall value including the staking returns may be negative.
Illiquidity
Liquidity is a word that gets thrown around a lot in the crypto space and some people may find it confusing. Simply put, it means the ability to quickly buy or sell an asset.
Therefore, illiquidity means the lack of the ability to quickly buy or sell an asset.
This is a risk mainly in staking smaller projects with lower volume, if the project has low liquidity on exchanges, you may find it difficult to sell the asset. The way to combat this and this is how we do it at vEmpire, is by ensuring that we have available liquidity on all our exchanges, so this risk is not applicable.
Loss, Theft or Hacked
The duration of time staking your assets is typically long term (stake and forget) and during this time it is relatively easy to forget your password, lose your seed phrase or have your funds stolen if you do not do your due diligence on the staking platform (take a look at our other article on this).
To avoid this, your password and seed phrase should always be written down and placed somewhere you would remember and be accessible to you.
For ensuring security with your funds a useful tip is to diversify your staked or held assets among different platforms and wallets, this way, if one gets compromised you have not lost the entirety of your assets, only a certain amount.
These extra steps are sometimes time consuming and annoying, however, you must treat this like insurance on your wealth, these small steps are what is safeguarding you from losing it all on easy mistakes.
Transparency
Do they welcome you to look at their staking pool addresses? Do they make it easier for you to look by giving you their addresses?
A fundamental part of blockchain technology is transparency, therefore, a fully open team that is not doing anything wrong should be able to supply the address information, for the most part.
Is the team managing the pools fully doxxed?
Are the team active online? Do they have social media profiles? Have you seen them speak in video AMAs, etc?
This factor ensures accountability, in the event where a team performs a rug pull or quick exit they can be penalised legally. However, anonymous teams have the ability to avoid this accountability which does increase the risk.
Final tip
If you are still unsure about using a pool but still really want to try it out, try creating a new wallet, send a small amount of funds to the platform and connect it. If your funds stay there and are retrievable after a certain amount of time then the platform should be safe.
However, as said previously, attackers will continue to be more creative in their attacks, do not stop researching and being careful, complete the steps above and do your due diligence to ensure safety while operating protocols.
