How do we actually confirm if an altcoin is legit and does what it says it does? Say, for example, the premined numbers.
Do we check it on the ethereum blockchain contract or? and how do we do that?
Hello metalbean,
Most people doing the first glance sanity check will inspect main.cpp and evaluate how the subsidy has been calculated.
Though, there are only an unlimited amount of ways a coin daemon's code may be modified -- and so I rely on identifying the parent coin's code and the commit or approximate commit from which the new coin was forked from the parent project.
Knowing where in the parent repository's timeline the new project had been forked, is sometimes difficult because of the omission of a full commit history.
With a little bit of detective work you can figure this part out for yourself.
Then, the easiest way to find out "what was changed" between the parent project and the new coin code would be to use git's built in tools for rebasing.
The way it works is by essentially taking the new coin's code and then merging the new coin's repository with the commit history of the parent project.
When you do this, you then see which files had been modified, where they had been modified and you can then evaluate those changes for yourself as to whether they're acceptable to you.
No amount of obfuscation in code will hide the new coins changes if you essentially perform a diff against old code from the parent project and the new code from the new coin.
There will be a lot of files showing changes from Xcoin to Ycoin but there will also be revealing changes about the address prefix, network magic, subsidy function and other work performed by the developer.
The above will be useless to you if you're running some random executable provided to you by a stranger, because unless it is a signed Gitian build you can validate on your own; there are no assurances the provided binary was built from the given sources.
Best Regards,
-Chicago