Looking at whether a project is "trustworthy or not," I don't pay much attention to superficial details now. First, check GitHub: it's not about how many stars it has, but whether there has been recent activity, whether the code has been modified, and if those changes have been reviewed (not all pushed directly into the main branch at once). Then, don't just look at the cover logo of the audit report; search directly for sections like "unresolved/accepted risks," as many pitfalls are hidden in the small print of "we decided to leave it as is"... The most critical part is the upgrade multi-signature: how many people are involved, what is the threshold, whether the contract can be swapped out with a single click at any time, and whether there is a time lock. Given the current extreme fund rates, I can understand the arguments in the group about whether to reverse the trend or continue to inflate the bubble, but I will first confirm: even if the market reverses, will the protocol also be secretly upgraded by multi-signature in the middle of the night? Anyway, beginners should go over these three things first; it will make them feel much more at ease.