Curator Cheat Sheet.

Verifying the legitimacy of a subgraph may prove to be tricky at this stage of development. Anyone can publish a subgraph and/or fork an existing once, which is why Curators are encouraged to develop strategies that allow them to verify if a subgraph is legitimate.

Overview

Project Team Verification

Verifying if subgraph is published by official team

Additional Assessments

IPFS/metadata and other verification strategies

Source Code Analysis

Analyzing the subgraph’s source code

Subgraph Usage Evaluation

Making projections about the subgraphs future usage

Step #1.

Check if the subgraph is published by the official project team:

Follow these steps to verify whether or not a subgraph was published by the official team:

  • Assume by default the subgraph is not official, in particular if there is ‘official’ in the name
  • Check the project team’s official channels (Twitter, Discord, or ask in DM)
  • Check the address of the subgraph owner, from where it was funded, if it has an ENS name or not
  • Check if the subgraph is used by the project’s team (either check on GitHub or inspect the requests from your web browser via Inspect Element)

Step #2.

If the project is not official, there might still be some demand (risky)

Here are further steps to verify if a subgraph is legitimate

  • Check IPFS/metadata to verify the data matches with the project’s GitHub
  • Check the number of queries (if already indexed)
  • Check if the owner already rugpulled on other subgraphs, was part of the curator program, has POAP badges.

Step #3.

Check the source code

Deployments are posted in the legacy explorer using a GitHub, the mainnet publisher can’t be directly connected to the publisher on the hosted network. But you can verify that the deployment_id is the same (quick way to see “is this the same code or something different. If different, why? Does GitHub have updates or is this a total fake)” this does not help identify forks.

If they have the same deployment ID you can see “did the hosted network successfully sync this data?” Which addresses a potential risk aspect.
(That’s mainly on new deployments)

Step #4.

Evaluating if the subgraph is going to be used

Here are further steps to verify if a subgraph is legitimate

  • Does the subgraph work, is it functional? 
  • Is the deploying address reputable or is it a throw away account
  • How long has the deploying address been active with The Graph (check ERC20 Token Txns)?
  • Is there any indication that the dApp intends to use this subgraph?
  • Is there an RFP for this subgraph?
  • Does it exist in legacy, is the deploying address the same?

Summary

Especially in the early stages of Curation, analyzing a subgraph is legitimate and time-consuming. There are certain indicators but great care should be taken to avoid signaling on unofficial subgraphs designed to trick Curators.

Matheos

Curator

Credit for step #1 and #2 goes to Matheos. You can get in touch with him on Discord via his ID: matheos#4212

Derek

DataNexus

Credit for step #4 goes to the curation specialist Derek from DataNexus. You can get in touch with him on Discord as well as The Graph’s official forum under his username DataNexus.

Go Back

Curator Knowledge Hub

Up next

Curation risks