The Initial Coin Offering market has given to and taken away from companies and investors alike. Companies with the proper business acumen, technical expertise, crypto-economic knowledge, and support have a chance to be successful; investing can be a highly profitable endeavor for those with the knowledge and connections within the space to accurately determine the strength of a project. However, for companies and investors who lack the aforementioned qualities, the collective stories they tell are often those of misfortune.

What you hear in the media is generally skewed towards cautionary tales of crypto misfortune that have come as a result of poor execution and false promises made by teams that often do not know any better. Sure, there are scams, but projects consistently fail due to circumstances that they could have controlled. This lack of awareness stems from a lack of standards that are only now being developed as people start to realize how important they are. If history is our greatest teacher, the biggest detriment to our space has been time, or a lack thereof, to learn from collective mistakes and spread knowledge for the betterment of the community.

Our mission at Totem is to create a higher standard for the execution of work in the blockchain industry. This can only be done through education and discourse, so in an effort to help, we would like to share some lessons that we have learned over the past few years observing and working in this industry, in the hopes that we can inform teams on many of the unnecessary pitfalls of the ICO process.

Project Evaluation

Before a project begins to self-finance or raise privately to cover the initial costs of their project, they should gauge interest among investors and users alike. This can be done by engaging consultants and funds who can review the concept, use case, and value of the project. There are many factors that can make a project not feasible and it is important to assess these factors before jumping into this industry—these will be discussed below.

Sustainable Business Model

Many use cases are not economically feasible or technologically achievable at this point in time, but most people do not know that. That does not keep people from pursuing, and selling investors on, projects that have a seductive allure but no practical application on the blockchain, especially at this stage in the technology’s infancy. For example, storing rich data on the blockchain that has to be constantly updated and retrieved is not an effective use case at this point in time. However, simple applications such as supply chain management and remittance can use the blockchain in small ways and have the potential for industry-shifting impacts.

A common misconception we also see is companies wanting to tokenize a pre-existing business model in the belief that it will create added value for their users. However, this usually creates an additional level of friction that only complicates how users interact with the business in the first place, and decreases the likelihood that they will want to use it in the future.

Two simple questions to ask yourself before tokenizing your business model are: do you need your own token, and why are you creating one in the first place? If the answers are “No,” and “To raise money,” then a token offering is probably not the right way to go. You will likely fail before getting to the crowd sale, and will certainly lose money and time trying to get there.

Investor Psychology and Timing

Sometimes you will have a good use case and model, but the market will not be interested in using it yet. Most of these projects are doomed to fail at least in the near term. It is a catch-22. ICO investors do not want to invest in traditional vehicles, and traditional investors do not want to invest in a token (they like paper). For investments such as real estate, this notion is currently holding true. Even the most impressive, well-modeled projects of this nature are not getting through their crowd sales.

This does not mean these projects will not be successful in the future though. As the security token market continues to develop, space will open up for these projects to be adopted by investors — just not right now.

Market Complexity and Volatility

If and when you make it to the crowdsale, there are plenty of additional problems to be aware of, from the way that a company conducts its sale to how the smart contracts that manage it function. The most common mistakes outside of smart contract vulnerabilities are usually associated with: taking more than one token for contributions, fixing the price of Ether during a prolonged sale, and underestimating the impact market volatility will have.

Let us say that a company runs their crowd sale when the price of Ether is $400 USD and that is the price they fix all contributions to. If the token sale does not close fast, and the market starts to fluctuate, then investors are going to receive different values than initially intended. This can be good or bad for investors, depending on which direction the volatility goes. If the price of Ether goes down, they are getting more bang for their crypto; however, if the price goes up, then the value they are getting back goes way, way down. The problem gets worse as time goes on. If the value of Ether increases drastically above the initial price then suddenly, people pay 2–3 times more, but receive the same amount of tokens in return as the contributors who invested when Ether was initially valued at $400 USD. It is important to keep the exchange rate consistent throughout the duration of a crowd sale, otherwise the company conducting it or the investor participating in it will suffer.

Additionally, accepting more than one token complicates the process. The token you accept should always be the native token of the platform you are raising on. If it is Ethereum, raise in Ether and do not accept bitcoin or other tokens. Crypto is not mainstream yet; therefore anyone investing in an ICO is capable of converting their bitcoin and any other token that is liquid into Ether to participate in a token sale. Don’t try to convince yourself otherwise, and don’t over-complicate this process — just keep it simple.

Smart Contract Auditing

Discovering vulnerabilities in your smart contracts during an ICO should not happen. What teams seem to take for granted is that smart contracts are not just code: they are the intersection of finance and code. Every function they execute requires real value to do so, and they are responsible for holding and managing millions of dollars in cryptocurrency during these sales.

Since that is the case, there needs to be the closest thing to a guarantee that a vulnerability does not exist before a smart contract is published to the Ethereum mainnet for all to see and interact with. If there is even one minor error, it could lead to all funds being stolen or lost without an ability for any party to retrieve them.

Common Smart Contract Vulnerabilities

Infinite Token Generation

Any transfer between partner addresses generates new tokens. Therefore, if two partners were to collude, they could generate infinite tokens by transferring back and forth to each other. This feature was intended to encourage usage of the token; however, a limit has to be put in place on the bonus generation.
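
One way to put such a limit in place, as an added example that is not from the original article or from any audited project: a hypothetical token whose partner-transfer bonus is drawn from a fixed pool. The names `PartnerBonusToken`, `BONUS_BPS` and `MAX_BONUS_SUPPLY`, the 1% rate and the choice of a global cap are all assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: hypothetical partner-bonus token with a hard cap on bonuses.
contract PartnerBonusToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => bool) public isPartner;
    uint256 public totalSupply;
    uint256 public bonusMinted; // running total of all bonus tokens ever created

    uint256 public constant BONUS_BPS = 100;                    // assumed 1% bonus
    uint256 public constant MAX_BONUS_SUPPLY = 1_000_000 * 1e18; // assumed bonus pool

    event Transfer(address indexed from, address indexed to, uint256 value);

    constructor(address[] memory partners, uint256 initialSupply) {
        for (uint256 i = 0; i < partners.length; i++) {
            isPartner[partners[i]] = true;
        }
        balanceOf[msg.sender] = initialSupply;
        totalSupply = initialSupply;
        emit Transfer(address(0), msg.sender, initialSupply);
    }

    function transfer(address to, uint256 value) external returns (bool) {
        require(to != address(0), "zero address");
        balanceOf[msg.sender] -= value; // 0.8+ reverts on underflow
        balanceOf[to] += value;
        emit Transfer(msg.sender, to, value);

        // The flawed design mints the bonus unconditionally at this point, so
        // partners passing tokens back and forth inflate supply without bound.
        if (isPartner[msg.sender] && isPartner[to]) {
            uint256 bonus = (value * BONUS_BPS) / 10_000;
            uint256 remaining = MAX_BONUS_SUPPLY - bonusMinted;
            if (bonus > remaining) bonus = remaining; // shrinks to zero once the pool is spent
            if (bonus > 0) {
                bonusMinted += bonus;
                totalSupply += bonus;
                balanceOf[to] += bonus;
                emit Transfer(address(0), to, bonus);
            }
        }
        return true;
    }
}
```

With the cap, `totalSupply` can never exceed the initial supply plus `MAX_BONUS_SUPPLY`, which is an invariant an auditor can check directly.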

Contract Inheritance Issues

As more and more ‘libraries’ or ‘suites’ of contract source code are released into the open-source realm, it is getting easier to assemble a contract from scratch. The flip side of this is that, without deep knowledge and close attention to detail, it is very easy to add a function to a contract that you do not expect.


One of the most commonly found critical vulnerabilities is simply the improper use of ownership modifiers across the contracts. If a contract were to successfully implement this protection across all of the necessary functions, except for the function used to change the owner of the contract, any user could make themselves the owner of the contract and then carry out any protected function, such as minting new tokens.
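
The ownership gap described above, shown beside its corrected form. This is an added example, not code from the article or from any audited project; the contract names `MintableBase`, `TokenUnprotectedOwner` and `TokenProtectedOwner` are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: shared base holding the owner, the modifier and a protected mint().
abstract contract MintableBase {
    address public owner;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    modifier onlyOwner() {
        require(msg.sender == owner, "caller is not the owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    // Minting is correctly restricted to the owner.
    function mint(address to, uint256 amount) external onlyOwner {
        totalSupply += amount;
        balanceOf[to] += amount;
    }
}

// Weak: every protected function relies on `owner`, yet the one function
// that changes `owner` carries no access check, so the check on mint()
// protects nothing.
contract TokenUnprotectedOwner is MintableBase {
    function transferOwnership(address newOwner) external {
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}

// Corrected: the ownership change uses the same modifier as mint() and
// rejects the zero address so ownership cannot be lost by mistake.
contract TokenProtectedOwner is MintableBase {
    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0), "new owner is zero address");
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }
}
```

A review checklist item that catches this: list every function that writes to `owner` or any other privileged state variable, including inherited ones, and confirm each has an access modifier.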

Still don’t think an audit or multiple audits are necessary for your project? Here is a short list of some of the highest-profile projects in the space that were shut down or crippled by smart contract vulnerabilities:

  • DAO
  • Polkadot via Parity
  • Bancor

In addition to those projects that have suffered zero-day exploits, a multitude of projects have experienced issues from the vulnerabilities they published to the Ethereum mainnet. It would not be farfetched to assume that over 60 percent of token contracts on the mainnet have vulnerabilities, and could still be exploited.

What’s the point?

Do not rush to market — instead, take time to understand the process, because it is a lot more complicated than it looks. By paying what is necessary to get insight, support, and security, you can save yourself and investors a lot of pain and money.

In no way is this article exhaustive. There are still many landmines within the process that anyone can step on along the way. However, it is our hope that after reading this article, some of them will be more visible than others, and help to create fewer problems — not more.