Due Diligence Checklist: A 15-Point Framework for Evaluating New Tokens & Protocols
Use this professional 15-point checklist to systematically evaluate new crypto assets. Apply it before buying, providing liquidity, participating in airdrops, or committing time as a contributor.
Why a Rigorous Due Diligence Process Matters
Crypto markets move fast, narratives rotate weekly, and information asymmetries are the norm. A structured due diligence (DD) process protects you from FOMO-driven decisions, shiny dashboards, and hype that obscures risk. The objective of this framework is to create a repeatable, defensible, and time-efficient evaluation pipeline that anyone on your team can run, audit, and improve.
This 15-point checklist is designed for both early-stage protocols and newly listed tokens. It balances qualitative signals (team, vision, governance quality) with quantitative flags (supply schedule, liquidity depth, treasury runway, on-chain retention). Each section includes what to look for, how to verify, common red flags, and a 0–5 score rubric. At the end, you’ll find a printable worksheet, a sample scoring template, and tips for integrating this DD flow into your weekly research cadence.
How to Use This Framework
- Scope first: Define the asset (token vs. protocol), the chain(s), and the decision you’re considering (buy, LP, farm, build, integrate).
- Timebox: Allocate ~60–120 minutes for an initial pass. Deep dives can follow only if the initial score crosses your threshold.
- Verify externally: Cross-check claims on-chain, in docs, and in third-party analytics (explorers, indexers, trackers).
- Score consistently: Use the provided 0–5 rubric per category, then weight categories based on your strategy (e.g., fundamentals > tokenomics).
- Decide & document: Log your decision, risks, and monitoring triggers. Re-evaluate when catalysts or risk factors change.
1) Problem, Market, and Value Proposition
Great tokens accrue value because they solve a painful, frequent, and valuable problem—cheaper transactions, better UX, stronger privacy, deeper liquidity, new financial primitives, or infra that simplifies developer workflows. Clarify the who (target users), the what (jobs to be done), and the why now (timing, market unlocks).
What to Look For
- Clear problem statement and specific user personas.
- Evidence of demand: waitlists, active Discord/Forums, GitHub stars, on-chain usage, pilot partners.
- Differentiation vs. substitutes (incumbents and other crypto solutions).
How to Verify
- Read docs and litepaper; validate claims against demos and testnet/mainnet features.
- Search competitor feature matrices; check forum threads for user pain points.
- Review on-chain interactions aligned with the value proposition (e.g., swaps if it’s a DEX, mints if it’s an NFT primitive).
Red Flags
- Vague mission, buzzwords without a concrete target user.
- No comparison to alternatives; hand-wavy claims about “network effects.”
- Zero usage beyond incentives or airdrop farming.
Score (0–5): How strong and verifiable is the problem-solution fit?
2) Team, Contributors, and Governance Maturity
A competent, accountable, and ethically aligned team dramatically reduces execution risk. Evaluate credentials, continuity, and culture. For DAOs, study contributor retention, role clarity, and decision velocity.
What to Look For
- Founders or core contributors with relevant domain expertise (crypto, finance, infra, security, product).
- Consistent transparency: public roadmaps, regular updates, post-mortems.
- DAO processes that avoid governance theater: clear proposals, quorum rules, and conflict-of-interest disclosures.
How to Verify
- Check contributor history across GitHub, research posts, and conference talks.
- Read governance forum proposals and execution records; assess turnaround from proposal to implementation.
- Cross-reference identity claims with professional profiles and past projects.
Red Flags
- Anonymous multi-sig signers with unilateral control and no checks.
- Infrequent updates, inconsistent messaging, or evasive AMA answers.
- Revolving-door contributors; bounty-only model with no core team depth.
Score (0–5): How competent and accountable is the team/org structure?
3) Token Utility & Economic Role
Tokens should do work: secure a network (staking), price scarce resources (blockspace), align incentives (revenue share, discounts), or coordinate governance. A token with thin or cosmetic utility struggles to sustain demand after incentives fade.
Utility Modes
- Security/consensus: Staking, slashing, validator collateral.
- Access/discounts: Fee reductions, premium features, bandwidth, compute.
- Cash-flow alignment: Revenue share, buyback/fee burn (where compliant).
- Coordination: Governance rights with guardrails and accountability.
Verify & Red Flags
- Check contracts: Which functions require the token? Is payment actually settled in the token?
- Beware governance-only tokens with no clear value accrual, or utility that’s easily bypassed.
- Look for “pay in stablecoin, reward in token” loops that dilute holders without an intrinsic sink.
Score (0–5): Is the token’s role essential and defensible?
4) Tokenomics: Supply, Emissions, and Distribution
Tokenomics governs who owns what, when it unlocks, and how emissions change behavior. Your goal is to project dilution risk, seller overhang, and how emissions influence users, liquidity providers, and mercenary capital.
Key Checks
- Max supply & schedule: Fixed vs. inflationary; emissions decay; halvings or capped rewards.
- Allocation: Team, investors, community, ecosystem, treasury—are these proportions justified?
- Unlock timeline: Cliff lengths, vesting cadence, known unlock cliffs and their dates.
- Real FDV vs. headline FDV: Price × fully diluted supply at unlock milestones, not just today.
How to Verify
- Read litepaper/tokenomics docs; compare to on-chain token supply.
- Use vesting explorers or public spreadsheets to map unlock curves.
- Track emissions to liquidity pools; analyze net sell pressure post-rewards.
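One way to map an unlock curve and see what it does to circulating supply, added here as an illustration and not taken from any project's documentation. The allocation table, the spot price, and the convention that linear vesting starts when the cliff ends are all constructed assumptions.

```python
from dataclasses import dataclass

MAX_SUPPLY = 1_000_000_000  # constructed figure, not a real token

@dataclass(frozen=True)
class Tranche:
    name: str
    tokens: float      # total allocation
    tge_pct: float     # share liquid at launch (month 0)
    cliff_months: int  # months after launch with no further unlocks
    vest_months: int   # linear vesting that starts when the cliff ends

    def unlocked(self, month: int) -> float:
        liquid = self.tokens * self.tge_pct
        if month <= self.cliff_months:
            return liquid
        if self.vest_months == 0:  # no vesting: the rest releases once the cliff has passed
            return self.tokens
        elapsed = min(month - self.cliff_months, self.vest_months)
        return liquid + (self.tokens - liquid) * elapsed / self.vest_months

# Constructed allocation table (assumption of this example).
SCHEDULE = [
    Tranche("team",      200_000_000, 0.00, 12, 24),
    Tranche("investors", 150_000_000, 0.10,  6, 12),
    Tranche("community", 400_000_000, 0.25,  0, 48),
    Tranche("treasury",  250_000_000, 0.00,  0, 60),
]
assert sum(t.tokens for t in SCHEDULE) == MAX_SUPPLY

def circulating(month: int) -> float:
    return sum(t.unlocked(month) for t in SCHEDULE)

def flat_cap_price(price_now: float, month: int) -> float:
    """Price at `month` if market cap stays flat (no new demand absorbs unlocks)."""
    return price_now * circulating(0) / circulating(month)

def largest_unlocks(horizon: int, top: int = 3):
    """Months whose new supply is largest relative to what already circulates."""
    jumps = [(m, circulating(m) / circulating(m - 1) - 1)
             for m in range(1, horizon + 1)]
    return sorted(jumps, key=lambda j: j[1], reverse=True)[:top]

if __name__ == "__main__":
    price = 0.50  # constructed spot price
    print(f"headline FDV ${price * MAX_SUPPLY:,.0f}")
    for m in (0, 6, 12, 24, 36):
        c = circulating(m)
        print(f"m{m:>2}: {c / MAX_SUPPLY:6.1%} circulating, mcap ${price * c:,.0f}, "
              f"flat-cap price ${flat_cap_price(price, m):.3f}")
    for m, jump in largest_unlocks(36):
        print(f"month {m}: +{jump:.1%} supply in one month")
```

With this constructed schedule the sharpest relative supply jump is the month after the investor cliff ends, not the larger team unlock that starts later.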
Red Flags
- High insider allocation with short cliffs.
- Ambiguous emissions that can be unilaterally changed by a multisig.
- No circuit breakers for runaway inflation or reward loops.
Score (0–5): How balanced and transparent are supply and distribution?
5) Treasury Health and Runway
Protocol survival depends on treasury diversification and prudent burn. A treasury dominated by native tokens creates reflexive risk during drawdowns. Evaluate whether the project can fund audits, development, growth, and operations for multiple market cycles.
What to Review
- Treasury composition (stablecoins, BTC/ETH, staked assets, native token, LP positions).
- Cash burn vs. monthly inflows; hedging and diversification policies.
- Grants program efficiency and measurable ROI.
Red Flags
- Treasury 70–90%+ in native token with thin liquidity.
- No reporting cadence; ad-hoc spending through opaque multisigs.
- Short runway (<12 months) without a plan to reduce burn.
Score (0–5): How robust and transparent is treasury management?
6) Roadmap, Milestones, and Delivery Track Record
Ambitious roadmaps are common; delivered milestones are rare. Look for shipping velocity, scope control, and post-release iteration. Backlog quality and the team’s ability to cut features or ship in phases are strong signals.
Verification Tips
- Compare roadmap slides with GitHub releases, changelogs, audit reports, and on-chain deploys.
- Check whether timelines were met; if delayed, were reasons credible and documented?
- Evaluate developer ergonomics (SDKs, docs, examples) for infra projects.
Red Flags: perpetual “coming soon,” abandoned repos, or marketing launches without product parity.
Score (0–5): How consistently does the team deliver?
7) Technology Architecture & Audit Posture
Technology risk compounds across smart contracts, cross-chain bridges, oracles, and admin controls. You need to understand the trust assumptions and blast radius of failures.
Critical Questions
- Is the core code open-source? What is the test coverage and review process?
- How many audits, by whom, and when? Did the team remediate findings?
- Are there bug bounties? What are the payout tiers and historical payouts?
- What external dependencies exist (bridges, oracles, sequencers)?
Red Flags
- Upgradeable proxies controlled by a single EOA or low-threshold multisig.
- No bounties; dismissive attitude toward audits (“we’ll audit later”).
- Opaque oracles; high centralization in critical components.
Score (0–5): How strong are the technical guarantees and security posture?
8) Security, Keys, and Operational Controls
Beyond audits, evaluate operational security: key management, incident response, monitoring, and change control. Smart contracts fail when ops hygiene is weak.
Checklist
- Multisig signers: independence, rotation, doxxing policy, hardware wallet use.
- Timelocks on critical functions; emergency pause modules and who can trigger them.
- 24/7 alerting for anomalous on-chain events; public incident response plan.
Red Flags: single-signer deployer keys; no timelocks; privileged functions callable by EOAs.
Score (0–5): Are operational safeguards credible and enforced?
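A sketch of how the proxy-control red flags in sections 7 and 8 can be checked from chain state, added here as an example and not part of the original checklist. It assumes an EIP-1967 proxy, an admin chain reachable through `owner()`, and a Safe-style multisig interface (`getThreshold()`, `getOwners()`); the `min_threshold=3` policy, the `fake_rpc` stub and every address are constructed for illustration.

```python
ADMIN_SLOT = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"  # EIP-1967
# 4-byte selectors for owner(), getThreshold(), getOwners()
OWNER, GET_THRESHOLD, GET_OWNERS = "0x8da5cb5b", "0xe75235b8", "0xa0e67e2b"

def to_addr(word32):
    return "0x" + word32[-40:]  # an address is the low 20 bytes of a 32-byte word

def call(rpc, to, selector):
    """eth_call that yields None on revert or empty return data."""
    try:
        out = rpc("eth_call", [{"to": to, "data": selector}, "latest"])
    except Exception:
        return None
    return out if out and len(out) >= 66 else None

def controller(rpc, addr, hops=3):
    """Follow owner() links from addr until an EOA or a multisig is reached."""
    if rpc("eth_getCode", [addr, "latest"]) in ("0x", "0x0"):
        return {"kind": "eoa", "address": addr}
    thr, owners = call(rpc, addr, GET_THRESHOLD), call(rpc, addr, GET_OWNERS)
    if thr and owners and len(owners) >= 130:
        # ABI array return: word 0 is the offset, word 1 the owner count
        return {"kind": "multisig", "address": addr,
                "threshold": int(thr, 16), "owners": int(owners[66:130], 16)}
    nxt = call(rpc, addr, OWNER)
    if nxt and hops > 0:
        return controller(rpc, to_addr(nxt), hops - 1)
    return {"kind": "unknown", "address": addr}

def upgrade_risk(rpc, proxy, min_threshold=3):  # min_threshold: assumed policy
    slot = rpc("eth_getStorageAt", [proxy, ADMIN_SLOT, "latest"])
    if int(slot, 16) == 0:
        return "no EIP-1967 admin set: find the upgrade path manually"
    c = controller(rpc, to_addr(slot))
    if c["kind"] == "eoa":
        return f"RED FLAG: upgrades controlled by single key {c['address']}"
    if c["kind"] == "multisig":
        tag = "RED FLAG: low threshold" if c["threshold"] < min_threshold else "ok"
        return f"{tag}: {c['threshold']}-of-{c['owners']} multisig {c['address']}"
    return f"unresolved controller contract {c['address']}: review manually"

# Constructed chain state standing in for a JSON-RPC endpoint (all addresses fake).
def word(h): return "0x" + h.rjust(64, "0")
PROXY_A, PROXY_B, PADMIN, SAFE, KEY = ("0x" + b * 20 for b in ("a1", "b2", "c3", "d4", "e5"))
STORAGE = {PROXY_A: word(PADMIN[2:]), PROXY_B: word(KEY[2:])}
CODE = {a: "0x60" for a in (PROXY_A, PROXY_B, PADMIN, SAFE)}  # KEY has no code
CALLS = {(PADMIN, OWNER): word(SAFE[2:]), (SAFE, GET_THRESHOLD): word("2"),
         (SAFE, GET_OWNERS): word("20") + word("3")[2:] + ("0" * 63 + "1") * 3}

def fake_rpc(method, params):
    if method == "eth_getStorageAt":
        return STORAGE.get(params[0], word("0"))
    if method == "eth_getCode":
        return CODE.get(params[0], "0x")
    return CALLS.get((params[0]["to"], params[0]["data"]), "0x")
```

Against a live chain, `rpc` would be a thin wrapper around a node's JSON-RPC endpoint; a controller that resolves to "unknown" (for example a timelock) still needs its own roles read by hand.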
9) On-Chain Traction and Real Usage
Separate incentivized clicks from organic demand. Usage that persists after incentives taper is the strongest proof of product-market fit.
Metrics to Track
- Daily/weekly active wallets (DAW/WAW), cohort retention, repeat usage ratios.
- Protocol revenue (fees), unit economics (ARPU/ARPA), and fee stability.
- TVL quality (stickiness, concentration), volume/TVL ratios for DEXs.
- Share of voice and share of liquidity within the category or chain.
Red Flags
- Sharp usage cliffs post-incentives; heavy wash trading or sybil patterns.
- TVL inflated via circular lending or native-token loops.
- Low fee capture despite high nominal volume.
Score (0–5): How convincing is organic, sustainable usage?
10) Liquidity, Market Microstructure, and Exchange Risk
Liquidity determines entry/exit costs and slippage. Study where liquidity sits (DEX vs. CEX), how it’s incentivized, and who controls it. Understand market-maker relationships and potential for order-book games.
What to Examine
- Top pools and pairs, depth at 1%–2% price impact, and volatility around unlocks.
- Concentration risk: single pool dominance, mercenary LPs, or protocol-owned liquidity share.
- Listing/derivatives exposure (perp funding, borrow markets) and liquidation cascades.
Red Flags
- Shallow DEX depth with spoofed or rented CEX volume.
- Liquidity that disappears when rewards pause.
- LP tokens held by insiders with no transparency.
Score (0–5): How resilient and authentic is liquidity?
11) Legal, Regulatory, and Jurisdictional Considerations
Regulatory risk can erase value overnight. Assess the token’s economic characteristics, investor protections, and where the organization operates. Clarity doesn’t require perfection; it requires a credible plan.
Key Questions
- Has counsel reviewed token functionality and distribution?
- Are there geofences, disclosures, and T&Cs aligned with target markets?
- Does governance structure avoid undue control by identifiable promoters?
Red Flags: retroactive “utility” claims, aggressive retail marketing, or silent jurisdiction shopping.
Score (0–5): How realistic and proactive is the compliance stance?
12) Community, Communications, and Reputation
Strong communities compound distribution and provide honest feedback. Evaluate tone, transparency, moderation standards, and contributor pathways. Hype without substance is fragile.
Signals
- Regular, factual updates; clear roadmaps; responsive maintainers.
- Quality of discussion in forums: proposals, critique, and measurable outcomes.
- Independent community dashboards, bots, and analytics.
Red Flags: bot followers, engagement pods, mods who delete legitimate criticism.
Score (0–5): Is the community authentic, informed, and constructive?
13) Partnerships, Integrations, and Ecosystem Fit
“Partnership” is overused. You’re looking for mutual technical integrations, measurable user flows, and distribution that drives incremental usage.
What to Validate
- Live, documented integrations (SDK examples, addresses, or pull requests).
- Real co-marketing with traffic or volume attribution.
- Ecosystem alignment: Does this protocol fill a gap or duplicate a saturated niche?
Red Flags: logo walls without links, “strategic MOU” posts that never ship, or partner tokens used only to farm emissions.
Score (0–5): Do integrations create real distribution or utility?
14) Competitive Moat and Defensibility
In open-source markets, moats come from network effects, liquidity depth, developer ecosystems, brand trust, or regulatory positioning. Short-lived edges exist, but defensibility sustains returns.
Evaluate
- Switching costs for users, LPs, and developers.
- Data advantages or unique distribution channels.
- Hard-to-replicate partnerships (e.g., enterprise integrations, specialized infra).
Score (0–5): How hard is it to copy and win your users away?
15) Risk Map, Scenarios, and Catalysts
Convert qualitative findings into scenarios with explicit catalysts. Good DD ends in a decision tree: enter, watchlist, or pass. Define monitoring triggers so you can react without emotion.
Map It
- Bull case: Which 2–3 catalysts must occur (feature ship, integration, chain expansion, fee switch)?
- Base case: What steady-state metrics justify holding (DAU, fee growth, TVL stickiness)?
- Bear case: What breaks (regulatory risk, exploit, unlock sell-off, competitor leapfrog)?
- Stop conditions: Pre-committed rules to exit, de-risk, or hedge.
Score (0–5): Are risks transparent and is there a credible plan to manage them?
Scoring Rubric (0–5 Per Category)
- 0: Absent, misleading, or critical failures.
- 1: Very weak; minimal evidence; major red flags.
- 2: Below average; partial information; several issues.
- 3: Adequate; acceptable trade-offs; no show-stoppers.
- 4: Strong; above-average execution and transparency.
- 5: Excellent; best-in-class with clear proof and resilience.
Optionally set weights to reflect your strategy. Example weights:
- Tokenomics & Liquidity (x1.5), Security (x1.5), Traction (x1.25), others (x1.0).
Due Diligence Worksheet (Copy & Use)
Paste the table below into your docs or Notion. Fill one row per category; store links to supporting evidence.
| Category | Key Evidence & Links | Red Flags | Score (0–5) | Weight | Weighted |
|---|---|---|---|---|---|
| 1. Problem/Market | — | — | — | 1.0 | — |
| 2. Team/Governance | — | — | — | 1.0 | — |
| 3. Token Utility | — | — | — | 1.0 | — |
| 4. Tokenomics | — | — | — | 1.5 | — |
| 5. Treasury/Runway | — | — | — | 1.0 | — |
| 6. Roadmap/Delivery | — | — | — | 1.0 | — |
| 7. Tech & Audits | — | — | — | 1.5 | — |
| 8. Security/Ops | — | — | — | 1.5 | — |
| 9. On-Chain Traction | — | — | — | 1.25 | — |
| 10. Liquidity/Microstructure | — | — | — | 1.25 | — |
| 11. Legal/Regulatory | — | — | — | 1.0 | — |
| 12. Community/Comms | — | — | — | 0.75 | — |
| 13. Partnerships/Integrations | — | — | — | 0.75 | — |
| 14. Moat/Defensibility | — | — | — | 1.0 | — |
| 15. Risks/Scenarios | — | — | — | 1.25 | — |
| Total | | | — / 75 | | |
Red Flags & Deal-Breakers (Quick Reference)
- Security: single-signer control over upgradeable contracts; no audits/bounties; undisclosed admin functions.
- Tokenomics: high insider allocation with early unlocks; emissions that outpace organic demand; undefined max supply.
- Liquidity: artificial CEX volume; thin DEX depth; LP tokens held by insiders; liquidity owned by opaque multisigs.
- Governance: rubber-stamp voting; conflicts undisclosed; quorum games; treasury raids disguised as “strategic grants.”
- Legal: aggressive retail marketing with governance-only token; geofencing whack-a-mole; no counsel involvement.
- Comms: hostile moderation; deleted criticism; fake social proof.
Field Tips: Running This DD in 60–120 Minutes
- Skim the docs: Copy claims into a notes doc. Note anything that must be verified on-chain.
- Check the code: Confirm the core contracts, admin keys, and whether timelocks exist.
- Tokenomics snapshot: Pull current circulating supply, next 3 unlock dates, and FDV at those unlocks.
- Liquidity depth: Identify top pools and 1% impact depth. If depth is thin, size positions accordingly.
- Usage quick-check: Plot DAU/fees over last 30–90 days. Look for incentive cliffs.
- Governance pulse: Read the last 3 proposals and dev updates. Note cadence and follow-through.
- Score, weigh, decide: If your weighted score meets your threshold (e.g., ≥ 55/75) and no deal-breakers, proceed to a small, staged position with pre-defined risk limits.
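The scoring step above as a small calculator, added as an example and not part of the original worksheet. The worksheet weights sum to 16.75, so the weighted maximum is 83.75 rather than 75; rescaling the weighted total back to the 75-point scale before comparing it with the threshold, and treating a below-threshold result as "watchlist", are assumptions of this example.

```python
# Weights copied from the worksheet; scores passed in are the analyst's 0-5 ratings.
WEIGHTS = {
    "Problem/Market": 1.0, "Team/Governance": 1.0, "Token Utility": 1.0,
    "Tokenomics": 1.5, "Treasury/Runway": 1.0, "Roadmap/Delivery": 1.0,
    "Tech & Audits": 1.5, "Security/Ops": 1.5, "On-Chain Traction": 1.25,
    "Liquidity/Microstructure": 1.25, "Legal/Regulatory": 1.0,
    "Community/Comms": 0.75, "Partnerships/Integrations": 0.75,
    "Moat/Defensibility": 1.0, "Risks/Scenarios": 1.25,
}
MAX_PER_CATEGORY = 5
SCALE = 75  # 15 categories x 5 points

def evaluate(scores, deal_breakers=(), threshold=55):
    if set(scores) != set(WEIGHTS):
        raise ValueError(f"unscored or unknown categories: {set(scores) ^ set(WEIGHTS)}")
    bad = {c: s for c, s in scores.items() if not 0 <= s <= MAX_PER_CATEGORY}
    if bad:
        raise ValueError(f"scores outside 0-5: {bad}")
    weighted = sum(WEIGHTS[c] * s for c, s in scores.items())
    weighted_max = MAX_PER_CATEGORY * sum(WEIGHTS.values())  # 83.75 with these weights
    normalised = weighted / weighted_max * SCALE             # assumption: rescale to /75
    if deal_breakers:
        decision = "pass"       # any deal-breaker vetoes, whatever the score
    elif normalised >= threshold:
        decision = "enter (small, staged)"
    else:
        decision = "watchlist"  # assumption: below threshold means watch, not pass
    # Lowest scores first; among ties, the heavier-weighted category comes first.
    weakest = sorted(scores, key=lambda c: (scores[c], -WEIGHTS[c]))[:3]
    return {"raw": sum(scores.values()), "weighted": weighted,
            "normalised": round(normalised, 1), "decision": decision,
            "weakest": weakest}

if __name__ == "__main__":
    # Constructed scores for a hypothetical protocol.
    sample = dict.fromkeys(WEIGHTS, 4)
    sample.update({"Security/Ops": 2, "Tokenomics": 3, "Community/Comms": 5})
    print(evaluate(sample))
    print(evaluate(sample, deal_breakers=["single-signer upgrade key"]))
```

The `weakest` list gives the categories to revisit first in a deeper pass.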
Position Sizing, Risk Controls, and Monitoring
Even high-scoring assets fail. Treat your initial position as a paid hypothesis test, not a victory lap. Use staged entries, time-based unlock hedges, and stop conditions to survive variance.
Controls to Consider
- Max loss per idea: Cap at 0.5–2% of portfolio until conviction is earned.
- Unlock hedging: Reduce exposure or set alerts a week before major cliffs.
- LP caution: Impermanent loss can dwarf fees in volatile pairs; consider protected pools or smaller allocations.
- Automation: Use alerts for TVL drops, fee compression, multisig changes, or anomalous admin calls.
Common Failure Modes (and How to Detect Them Early)
- Subsidy addiction: Usage collapses when rewards end. Detect: Compare usage with and without incentives; seek sticky cohorts.
- Governance capture: Insiders pass proposals that drain treasury. Detect: Watch quorum sources and wallet clusters.
- Liquidity rug: Incentivized LPs exit; slippage spikes. Detect: Monitor pool ownership and emission changes.
- Security debt: Feature velocity outpaces audit coverage. Detect: Require audits before critical upgrades.
- Regulatory shock: Token design triggers enforcement risk. Detect: Seek counsel disclosures and market geofencing.
Putting It All Together
A rigorous due diligence process is your edge. It doesn’t eliminate uncertainty—it prices it. By scoring fundamentals, verifying claims on-chain, and enforcing risk controls, you’ll avoid most landmines and be positioned to size up when authentic traction emerges.
Mantra: Evidence over narrative. Mechanisms over memes. Process over impulse.
Use the worksheet above for your next evaluation. Over time, you’ll build a private library of DD notes, unlock calendars, and post-mortems—an internal compounding asset that improves your hit-rate regardless of market regime.
