Chapter 35 Exercises: Evaluating Crypto Projects

Exercise 35.1: The "Would a Database Work?" Test (Bloom: Analyze)

For each of the following project descriptions, determine whether the project genuinely needs a blockchain or whether a traditional database would suffice. Justify your answer by identifying which specific blockchain properties (if any) the project requires.

Project A: A hospital network wants to create a shared medical records system. All hospitals in the network trust the same IT department to manage the database. Patients want to ensure their records are accurate and accessible at any hospital in the network.

Project B: A consortium of ten competing shipping companies wants to create a shared ledger tracking cargo as it moves through international ports. No single company is willing to let a competitor host the database. Customs authorities in multiple countries need read access.

Project C: A single e-commerce company wants to track its supply chain from manufacturer to warehouse to customer. The company owns every step of the supply chain.

Project D: A group of artists in an authoritarian country wants to publish and sell their work without government censorship. Payment processors in their country have been instructed to block transactions to "unapproved" art platforms.

Project E: A US-based startup wants to create a "blockchain-powered" social media platform where posts are "stored on-chain." The platform has a single moderator team and terms of service that allow post removal.

For each project, address: 1. Is there a trust problem that blockchain solves? 2. Is censorship resistance a genuine requirement? 3. Are there multiple parties who do not trust each other? 4. Could a traditional database with audit logs provide equivalent functionality? 5. Your verdict: blockchain needed, blockchain beneficial but not necessary, or blockchain unnecessary.

Exercise 35.2: Tokenomics Dissection (Bloom: Analyze)

You are given the following token distribution for a new DeFi protocol called "SwapZero":

Allocation Percentage Vesting Schedule
Public sale (IDO) 10% Immediate, no lock
Team 22% 6-month cliff, 24-month linear vest
Seed round investors 15% 3-month cliff, 12-month linear vest
Series A investors 12% No cliff, 18-month linear vest
Ecosystem/Community fund 20% Released by governance vote
Liquidity mining rewards 15% Emitted over 36 months (front-loaded: 40% in year 1)
Advisors 6% 3-month cliff, 12-month linear vest

Total supply: 500,000,000 SWPZ tokens. Current price: $0.80. Current circulating supply: 50,000,000 (10% from IDO).

Answer the following:

  1. Calculate the current market cap and the fully diluted valuation (FDV). What is the ratio of FDV to market cap?
  2. Create a month-by-month table showing the approximate circulating supply at months 0, 3, 6, 12, 18, and 24. Include all unlock sources.
  3. Identify the three months with the highest new token unlocks. What percentage of the current circulating supply enters the market in each of these months?
  4. Series A investors have no cliff. What risk does this create? How could it be mitigated?
  5. The ecosystem fund is "released by governance vote." Given that the team holds 22% of tokens (plus potential influence over advisors' 6%), analyze whether they have effective veto power over ecosystem fund releases.
  6. If the protocol generates $2 million per year in fee revenue and distributes 50% to SWPZ stakers, what is the annualized yield per token at the current FDV? At the current market cap?
  7. Based on your analysis, would you consider this tokenomics structure healthy, concerning, or a dealbreaker? Justify your answer.

Exercise 35.3: Audit Report Analysis (Bloom: Evaluate)

Below is a simplified summary of a fictional audit report for the "LendMax" lending protocol:

Auditor: BlockSecure Labs (mid-tier firm, audited 15 other protocols, one of which was exploited 8 months after audit) Scope: LendMax Core Lending Pool (v2.1), LendMax Oracle Adapter, LendMax Governance Duration: 3 weeks NOT in scope: LendMax Vault Strategies, LendMax Bridge, LendMax Token Contract Date: 9 months ago

Findings: - Critical (1): Reentrancy vulnerability in withdrawal function. Status: Resolved. - High (2): Oracle price manipulation possible through flash loan attack on low-liquidity pools. Status: Acknowledged, will fix in v3. Price feed validation added for high-liquidity pools only. - High (1): Admin key can upgrade core contract with no timelock. Status: Acknowledged, timelock planned for Q4. - Medium (3): Various gas optimization and input validation issues. Status: All resolved. - Low (5): Documentation and style issues. Status: Partially resolved. - Informational (2): Recommendations for monitoring and incident response. Status: Acknowledged.

The team has since deployed LendMax v2.3, which includes modifications to the vault strategies and a new bridge contract. Neither the vault strategies nor the bridge were in the original audit scope.

Answer the following:

  1. List every reason this audit should NOT give you confidence that LendMax is currently secure.
  2. The Critical finding was resolved, but the two High findings are only "acknowledged." What is the practical risk of each unresolved High finding?
  3. The audit was conducted 9 months ago and the team has deployed v2.3. What is the current audit coverage of the deployed code?
  4. The vault strategies and bridge were not audited at all. If you were considering depositing funds, which of these unaudited components would concern you most, and why?
  5. What would you want to see from the LendMax team before considering this audit adequate? List at least five specific actions.

Exercise 35.4: Red Flag Identification (Bloom: Apply)

Visit a block explorer (Etherscan, BscScan, or similar) and find a token that was launched in the past 30 days with a market cap under $1 million. (You may also use a token scanner like DEXScreener to find recently launched tokens.) Apply the "15-minute check" from Section 35.11 and answer the following:

  1. Is the contract source code verified on the block explorer? If yes, note any unusual functions (mint, blacklist, transfer restrictions). If no, note this as a red flag.
  2. What does the token holder distribution look like? What percentage of the supply is held by the top 10 wallets? Is the deployer wallet among them?
  3. Can you identify the team? Are they doxxed? Do they have verifiable LinkedIn profiles?
  4. Does the project claim to have been audited? If so, can you verify the audit on the auditing firm's website?
  5. What is the token's trading volume relative to its market cap? (Very low volume with a stable price may indicate wash trading or a honeypot.)
  6. How many of the 20 red flags from Section 35.8 does this token trigger? List each one by number.
  7. Based on your 15-minute analysis, would you classify this token as (a) potentially legitimate, (b) questionable, or (c) likely a scam? Justify your classification.

Note: Do NOT invest in any token as part of this exercise. This is an analytical exercise only.

Exercise 35.5: Full 10-Point Evaluation (Bloom: Evaluate)

Choose one of the following real protocols and conduct a full 10-point evaluation using the framework from this chapter:

  • Option A: Uniswap (DEX)
  • Option B: Chainlink (Oracle network)
  • Option C: Lido (Liquid staking)
  • Option D: Arbitrum (Layer 2)

For your chosen protocol:

  1. Answer all 10 questions from the framework. For each question, provide specific evidence (links to contracts, audit reports, governance proposals, token distribution data, etc.).
  2. Assign a rating to each question: Strong, Moderate, Weak, or Fail.
  3. Identify the protocol's two greatest strengths and two greatest weaknesses.
  4. Construct a "pre-mortem" scenario: it is 2028 and this protocol has lost 90% of its TVL/market cap. What went wrong? Write a plausible 200-word narrative.
  5. Construct a "steel-man" defense: you have been asked to invest $10 million of a fund's capital into this protocol's token. Write a 200-word investment thesis.
  6. Construct a "steel-man" attack: you are a short seller. Write a 200-word bear case.
  7. Based on your analysis, what is your overall assessment of the protocol? What specific conditions would cause you to change your assessment?

Exercise 35.6: Scam Pattern Recognition (Bloom: Analyze)

The following five descriptions are summaries of real crypto projects (names changed). Three are scams that resulted in significant losses. Two are legitimate projects that appeared suspicious to some observers but turned out to be genuine. Identify which are which, and explain your reasoning using the framework from this chapter.

Project Alpha: Anonymous team. Token launched on BNB Chain. Claimed to offer "AI-powered yield optimization" with 2% daily returns. Smart contract not verified on BscScan. Website featured stock photos and a whitepaper containing sections copy-pasted from Yearn Finance's documentation. 500 Telegram members, most posting rocket emojis. $800K in liquidity pool after 10 days.

Project Beta: Pseudonymous founder ("Chef Nomi") launched a token with no pre-mine and no VC allocation. The token was a governance token for a DEX that forked Uniswap's code. Within a week, the founder sold their entire token allocation ($14 million), causing the token price to crash 75%. The founder later returned the funds and apologized. The protocol continued to operate and eventually grew to billions in TVL.

Project Gamma: Team based in South Korea. Claimed to have created an "algorithmic stablecoin" that maintained its peg through a mint-and-burn mechanism with a companion token. The system worked for over a year, accumulating $40 billion in TVL. The stablecoin offered 20% yields through an associated lending platform. Multiple critics warned that the mechanism was fundamentally unsound, but the team dismissed them. The system eventually collapsed in a "death spiral."

Project Delta: Anonymous developer launched a lending protocol on Ethereum with no audit. The code was original (not forked). The developer communicated exclusively through a Twitter account. The protocol offered competitive lending rates with no token and no governance — the developer maintained full control. Over two years, the protocol grew to $500 million in TVL without incident.

Project Epsilon: Team claimed to be building a "metaverse gaming platform" with land NFTs, a play-to-earn token, and partnerships with major game studios. The team was doxxed with LinkedIn profiles, but their backgrounds were in marketing and finance with no game development experience. The token was launched before any playable game existed. The game was delayed three times. After 18 months, the team announced they were "pivoting" to AI, and the original gaming roadmap was abandoned.

For each project: 1. Identify which red flags from the chapter are present. 2. Classify as: confirmed scam, legitimate but risky, or legitimate. 3. Explain the key factor(s) that distinguish scams from legitimate-but-suspicious projects in this exercise.

Exercise 35.7: Python Evaluation Tool (Bloom: Create)

Using the project_evaluator.py script from this chapter's code directory as a starting point, extend it with the following features:

  1. Add a weighted scoring system where each of the 10 criteria can be weighted differently. By default, Questions 1-3 (fundamentals) should have 1.5x weight, Questions 4-6 (economics) should have 1.0x weight, and Questions 7-10 (risk factors) should have 0.8x weight.
  2. Add a comparison mode that evaluates two projects side-by-side and produces a comparative summary.
  3. Add an export function that saves the evaluation results to a JSON file with a timestamp, so evaluations can be tracked over time.
  4. Add a "quick check" mode that asks only the 5 most important questions (1, 2, 5, 7, 8) for a rapid initial screening.

Test your extended tool by evaluating two real or hypothetical projects and comparing the results.

Exercise 35.8: Assumption Chain Analysis (Bloom: Evaluate)

Choose a crypto project you are familiar with (or one from the worked examples in this chapter) and perform a detailed assumption chain analysis.

  1. List at least 8 assumptions that must be true for the project to succeed over the next 5 years.
  2. For each assumption, assign a probability (be honest — do not inflate these).
  3. Calculate the compound probability of all assumptions being true simultaneously.
  4. Identify the weakest assumption (the one with the lowest probability). What would the project need to do to strengthen it?
  5. Identify which assumptions are within the team's control and which are external (market, regulatory, technological).
  6. For each external assumption, describe a scenario in which it fails and assess the impact on the project.
  7. Based on this analysis, write a one-paragraph investment recommendation.