DYOR: Don’t Trust, Verify!

Practicing due diligence is critical for avoiding scams on permissionless networks like Ethereum and zkSync Era.

Why permissionless? Freedom. Anyone is free to participate in the Ethereum and zkSync Era networks, validate transactions, and create smart contracts without needing any central authority or approval.

The mission of zkSync is to advance personal freedom for all — articulated in the ZK Credo.

While freedom sparks innovation, leading to progress and ultimately prosperity, it always brings responsibility with it.

zkSync Era is a permissionless layer 2 protocol that scales Ethereum, powered by zero-knowledge technology. zkSync Era is more than a protocol that merely aims to increase Ethereum's throughput; it also aims to fully preserve Ethereum’s values — freedom, self-sovereignty, and decentralization — at scale.

Similar to Ethereum, one of zkSync Era’s inalienable attributes is that it’s fully permissionless; anyone can build or use the network without authorization. This makes it especially critical to be alert and always do your own research (DYOR) before engaging with projects on the network.

🚨Projects using the ‘zkSync’ and ‘Era’ names are NOT associated with the zkSync protocol or its core development teams — exercise additional caution with these projects and community channels. The only official sources maintained by the zkSync core team are the zkSync website, @zksync Twitter, and the zkSync Discord. 🚨

Understand the basics

The first step is to make sure you’re familiar with key concepts such as blockchain, rollups, bridges, DeFi, and smart contracts, to provide a foundation for your research.

Take advantage of the resources provided by The Ethereum Foundation for learning the fundamentals 👇

Throughout this process, remember to never share your private keys with anyone.

Verify external audits

A smart contract audit is a formidable shield against exploits and back doors.

If a protocol has been audited by a credible auditor, its code will likely be significantly more secure, and the chances of any inadvertent bugs or malicious code are much slimmer.

However, remember that not all audits are created equal, and that even the best audit can fail to identify weaknesses. Always verify that the audits were conducted by reputable Web3 security firms such as OpenZeppelin, Trail of Bits, Consensys, Hacken, Spearbit, or Halborn Security. These firms have audited well-known Web3 dapps such as 1inch, Aave, MetaMask, and others.

View zkSync Era’s external audits 👇

Having an open-source codebase, like Ethereum or zkSync Era, is also a way to have many eyes continuously investigate the code.

Assess project fundamentals

You don’t need to read the smart contract code, but a basic understanding of the protocol’s target market, unique product features, and future vision is essential.

When analyzing a web3 project, start by researching the project’s mission and vision. Understand the problem the project aims to solve and its competitive advantage.

Most serious projects will have documentation describing technical aspects, mission, and future vision. If something is unclear, ask questions; it is up to the project’s team to make sure the information is digestible, accurate, and clear.

Review the tokenomics

If the protocol has a token, studying its tokenomics is critical.

Beware of projects that appear to have suspicious token allocation structures. One example is an excessive number of tokens set aside for project insiders instead of the community.

When it comes to token distributions, watch out for malicious airdrop attempts. These scams try to get you to visit a site and connect your wallet so that the scammer can gain access to your account and steal funds, or they send unsolicited crypto or NFTs to your wallet that contain malicious links or code. Verify the authenticity of the airdrop and the project behind it before participating, and never provide personal information (especially your private keys!) or send crypto to an untrusted source.

Tokenomics is a wide-ranging and complex topic; here are some helpful guides from Blockworks, Cointelegraph, and CoinMarketCap.

Read through documentation

While you’re reading about technology, pay close attention to the project’s documentation.

Watch out for red flags such as unsubstantiated sources, anonymous authors, and plagiarized content. Sloppiness like recurrent typos, missing content, or non-functioning links could be a cause for concern.

View zkSync Era’s documentation 👇

Jump into the community & partnerships

An active community and partnerships with established companies often point toward a promising project.

Join the project's social media channels like Telegram, Discord, and Twitter to gauge the community's sentiment and engagement. Keep in mind that follower counts and engagement numbers can be manipulated by bots. Look for genuine engagement and be skeptical of disproportionate metrics.

It’s also helpful to reference reputable organizations and individuals that follow the project. If several reputable accounts are following them, it’s more likely to be legitimate.

Get to know the team

When evaluating a project, it’s essential to look into the backgrounds of its team members.

Research the team’s experience, past projects, and track record of success. Tread carefully with projects that have anonymous leaders and no verifiable history — these can be highly risky.

Block out FOMO

The fear of missing out (FOMO) can be a very powerful motivator, but it’s one that you should avoid when it comes to interacting with new projects.

Never feel pressured to engage with a project. If it’s a promising project today, it will be a promising project tomorrow.

Scammers frequently use FOMO to their advantage. One example is honeypot schemes, where bad actors will lure victims into interacting with a fraudulently configured wallet — which appears to be a “pot of honey”, or free money — in order to scam them.

Safely exploring the zkSync ecosystem

Since mainnet launch in March 2023, zkSync Era has experienced tremendous ecosystem growth and developer adoption — already flipping Ethereum three times in past-day transactions per second (TPS).

As a result, many projects, both established and entirely new ones, have already deployed on zkSync Era, and new ones continue to do so every day to build out the future of Ethereum. Together, projects in the zkSync ecosystem are advancing personal freedom for all.

Permissionless and trustless blockchains are like public goods in which most participants, including users, developers, and enterprises, operate in good faith and with shared values of building a new internet of value. That said, as in any sector, there are bad actors who use the permissionless structure dishonestly for their own advantage.

Due diligence takes time, but its payoff is invaluable. By taking the right steps and sharing your learnings with others in the ecosystem as you gain new experiences, you can reduce the risks — for yourself and others — and enjoy exploring the zkSync ecosystem safely.


Reminder: This post is for informational purposes only and isn’t meant to be legal or investment advice (#NFA). We aimed to cover the main topics you should be aware of while researching crypto projects, but it’s not a comprehensive guide and we might have missed some important details relevant to you. So, take it as a starting point, and remember to always DYOR!
