Lesson 8 — Pre-deposit checklist: the questions to ask before any DeFi allocation
Course closing. The 10-item checklist that captures most of the patterns we've covered, in a form you can apply to any protocol in under 20 minutes.
All the structural literacy in the previous seven lessons collapses into a small number of practical questions. This final lesson is the checklist — the questions to ask before deploying any meaningful capital into any DeFi protocol. Twenty minutes per protocol, applied consistently, would have prevented a substantial fraction of historical losses.
**1. TVL and TVL history.** Look up the protocol on DeFiLlama. What is current TVL? What is TVL six months ago, one year ago, two years ago? Steeply declining TVL is a leading indicator — often the people closest to the protocol have already exited. Conversely, sudden very-fast TVL growth without organic explanation is sometimes a points-farming dynamic that will reverse equally fast. Stable, slowly-growing TVL over multiple years on a heavily-audited protocol is a strong baseline.
**2. Audit history.** How many audits, from which firms, on which versions? Are the audits on the actual deployed code (commit hashes match Etherscan-verified source)? Are there unresolved Critical or High findings? Is the audit recent enough that material code changes since are minimal? Skip protocols with a single audit older than a year on code that has been substantively changed.
**3. Admin functions and timelocks.** Read the protocol's governance and admin documentation. Who can pause the contracts? Who can upgrade? Who can change critical parameters (interest rate curves, collateral factors, oracle sources)? Is there a timelock between proposal and execution? A 48-hour timelock on every admin action is the minimum that gives users time to exit if a malicious proposal is queued. A protocol where a single multisig can change parameters with no timelock is functionally a custodial product — the team can change the rules at any moment.
**4. Oracle design.** Which oracle, which feed, which update frequency? Is the oracle one of the well-tested feeds (Chainlink mainline, Pyth on Solana for major assets) or a long-tail feed with less venue aggregation? For any protocol where prices affect consequential operations (liquidations, settlements, redemptions), the oracle is the load-bearing dependency. Lesson 5's pattern recognition applies directly here.
**5. Withdrawal limits and circuit breakers.** Does the protocol have a withdrawal-rate limit that would slow a drain during a stress event? Is there an emergency pause? Who controls the pause? Protocols with no rate limits and no pause functionality have no circuit breaker — when a drain starts, it runs to completion. The trade-off is that circuit breakers add admin power, so they need to be coupled with timelocks and multisig controls.
**6. Bridge dependency.** Does this protocol's token live natively on this chain, or is it a bridged wrapper? If it's bridged, which bridge? Apply Lesson 6's framework: signer-set distribution, operational history, key custody. Holding 'USDC' on a chain via an unofficial bridge stacks the bridge risk on top of the issuer risk. Holding native USDC (Circle's direct deployment) on chains where Circle supports it is a clean stack.
**7. Team transparency.** Are the team members public? Are they reachable? Have they been involved in previous DeFi projects? Anonymous teams are not categorically disqualifying — some excellent protocols have anonymous founders — but the operational track record needs to be longer and the technical openness needs to be greater to compensate. A team that has been public, named, and reachable across several years builds reputational capital that anonymous teams structurally cannot.
**8. Documentation and code-to-doc match.** Read the protocol's documentation. Does it accurately describe what the contracts do? Are the contracts open-source and verified on Etherscan? Can you trace any given user flow from the docs to the actual code? Protocols whose documentation doesn't match their code, or whose contracts aren't verified, are exposing users to obfuscation risk regardless of the documentation's quality.
**9. Insurance and post-incident track record.** Does the protocol have insurance coverage available (Nexus Mutual, InsurAce, others)? Have past incidents at this protocol been disclosed and compensated, or quietly buried? A protocol whose past minor issues were openly disclosed and addressed is signaling that future incidents will be handled the same way. A protocol whose history is suspiciously clean often has incidents that were hushed.
**10. Size your position to your risk tolerance.** No checklist eliminates risk. Major exploits have hit protocols passing every checklist item. The final discipline is sizing positions so that a total loss of any single protocol position is survivable. For most users that means no single protocol holds more than 5–15 percent of total DeFi exposure, with the most-mature protocols (Aave, Compound, Maker, Lido, Curve, Uniswap) earning the higher end of the range.
**Course closing.** Eight lessons in, you have the toolkit: AMM math, lending mechanics, audit reading, exploit-class pattern recognition, oracle evaluation, bridge analysis, IL/LVR math, and this checklist. The toolkit doesn't tell you what to allocate to. It tells you what questions to ask before allocating. Applied consistently to any new protocol — including the next one that will be exploited — it would have prevented a substantial fraction of historical losses. The remaining losses come from risks the toolkit doesn't fully cover (unknown unknowns, sophisticated novel exploits, integration surprises), and that residual is what position sizing is for.
Example
Run the checklist against a hypothetical new lending protocol. (1) TVL: $40M, six months old, no prior history. Yellow flag — too young for confidence. (2) Audits: one audit by a small unfamiliar firm; commit hash matches current deployed code; no High findings, two Medium 'Acknowledged.' Yellow flag — single audit, small firm. (3) Admin: 4-of-7 multisig, 24-hour timelock on parameter changes. Acceptable. (4) Oracle: Chainlink for major pairs, a 1-hour Uniswap V3 TWAP for the protocol's native token. Yellow flag — the native-token TWAP is the soft spot. (5) Withdrawal limits: none. Red flag for a young protocol — a drain would run to completion. (6) Bridge: protocol is Ethereum-native, no bridge exposure. Green. (7) Team: two named founders with prior DeFi work. Acceptable. (8) Docs: clear, code is verified. Green. (9) Insurance: no Nexus Mutual coverage available; no past incident track record. Yellow — too early. (10) Sizing: even if you proceed, this is a sub-2 percent allocation given the youth and the oracle yellow flag. Composite: not obviously a scam, but the risk profile justifies very small positions only. The same exercise on an established protocol (Aave V3, for example) would yield mostly greens with a few legitimate yellows (admin powers, oracle dependency, cross-chain integration) — and would justify substantially larger position sizing.
Common mistakes
- Skipping the checklist for 'just a small position.' Small positions accumulate; the discipline of applying the checklist matters for habit formation.
- Treating any single checklist item as a kill criterion. Most protocols have at least one yellow flag; the question is the composite.
- Over-weighting checklist items without context. An anonymous team is a yellow flag for a brand-new protocol; for a five-year-old protocol with consistent operational record, it's much less so.
- Failing to size positions appropriately. The checklist reduces risk; it does not eliminate it. Sizing handles the residual.
- Forgetting to re-check protocols you've already deposited into. Protocols change — audits go stale, admin structures change, oracle sources change. Quarterly re-checking of meaningful positions is the discipline.
Check your understanding
Applying the pre-deposit checklist to a six-month-old lending protocol with $40M TVL, one audit by a small firm, a 4-of-7 multisig with 24-hour timelock, Chainlink for major pairs but a 1-hour TWAP for the native token, no withdrawal limits, and named founders. What is the most defensible position size relative to your total DeFi allocation?
Key terms covered
Sources & further reading
- PrimaryDeFiLlama — Protocol TVL tracker
Live TVL and historical data for every major DeFi protocol.
- PrimaryEtherscan — Contract verification
Source-code verification for every deployed contract.
- Primary
- PrimaryL2Beat — Layer-2 risk analysis
Structured risk assessments for L2 rollups and bridges.
We prioritise primary sources. Where a topic moves quickly (regulation, security incidents), we re-check sources on the cadence shown by the page's "Next review" date.