So you want to yield farm. That's great, but how do you know the smart contracts are safe? How do you know the contracts won't simply transfer all your crypto into the project's wallet?
Assuming you don't want to go through the smart contracts line by line and work them out from scratch, you still need a way to quickly check them before you put your money into (usually unaudited) smart contracts. This applies to both Ethereum and BSC yield farming, but may differ for other chains.
Here are a few ways you can do that. You don't need to be a programmer to follow these steps.
Step-1: Isolate the staking contract
If you are yield farming, you don't really care about all the smart contracts of the project. What you are most interested in is the actual staking contracts. These are the contracts that lock up your tokens or LP tokens and then give you rewards. Therefore, the first step is to find the staking contract on Etherscan.
Warning: Do not look for this contract on the project's GitHub. The project can simply publish a safe contract on GitHub while its site calls a different, malicious contract.
To do this, go to the app's site and look at which contract is actually being called when you go to stake. You can do this in MetaMask: when the transaction confirmation appears, copy the address of the contract being called and then reject the transaction.
Clicking the address copies it to your clipboard. Then look the contract up on Etherscan and get its source code from the Contract tab. If the contract is not verified, run away!
Step-2: Run a diff
Then run a diff of this verified source against the known-good contract it is based on, so that every change the project made stands out.
Step-3: Look for suspicious changes
Specifically, look for suspicious changes such as changing the owner of a function or introducing a new function to transfer or withdraw funds. In addition, if there is a timelock, check how long its delay is set for and ideally set up notifications for transactions on the timelock. The owner should generally be a timelock, to prevent misuse of admin functions by the team; if it is a regular Ethereum address (EOA), the risk is much higher, depending on what the admin/owner is able to do.
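Steps 2 and 3 can be automated once you have both sources saved locally. The script below is an added example, not code from the original guide or from any project: it diffs a deployed staking contract against the contract it is based on and flags added lines that touch ownership, add withdraw/transfer functions, move tokens out, or use selfdestruct/delegatecall. Both Solidity sources are constructed, simplified samples (hypothetical `StakingPool`), and the regex list is a starting point you should extend, not an exhaustive rule set.

```python
import difflib
import re

# Constructed sample: the simplified reference contract the farm claims to be based on
REFERENCE_SOURCE = """\
pragma solidity ^0.8.0;

contract StakingPool {
    address public owner;
    mapping(address => uint256) public staked;

    constructor(address _owner) {
        owner = _owner;
    }

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    function stake(uint256 amount) external {
        staked[msg.sender] += amount;
    }

    function withdraw(uint256 amount) external {
        require(staked[msg.sender] >= amount, "insufficient");
        staked[msg.sender] -= amount;
    }

    function setRewardRate(uint256 rate) external onlyOwner {
        // reward logic omitted
    }
}
"""

# Constructed sample: the verified source actually deployed, with changes a farmer should notice
DEPLOYED_SOURCE = REFERENCE_SOURCE.replace(
    "owner = _owner;", "owner = msg.sender;"
).replace(
    "        // reward logic omitted\n    }\n",
    "        // reward logic omitted\n    }\n\n"
    "    function emergencyWithdraw(address token) external onlyOwner {\n"
    "        IERC20(token).transfer(owner, IERC20(token).balanceOf(address(this)));\n"
    "    }\n",
)

# Constructs worth a closer look when they appear on an added line (assumed heuristics, not exhaustive)
SUSPICIOUS = {
    "owner assignment changed": re.compile(r"\bowner\s*="),
    "new transfer/withdraw function": re.compile(
        r"\bfunction\s+\w*(withdraw|transfer|drain|rescue|migrat)\w*\s*\(", re.I),
    "privileged (owner-only) code": re.compile(r"\bonlyOwner\b|transferOwnership|setOwner"),
    "token transfer out of the contract": re.compile(r"\.transfer\s*\(|transferFrom"),
    "selfdestruct or delegatecall": re.compile(r"selfdestruct|delegatecall", re.I),
}


def unified_diff(reference: str, deployed: str) -> list[str]:
    """Step 2: diff the deployed verified source against the reference it is based on."""
    return list(difflib.unified_diff(
        reference.splitlines(), deployed.splitlines(),
        fromfile="reference.sol", tofile="deployed.sol", lineterm="",
    ))


def flag_suspicious_changes(diff_lines: list[str]) -> list[tuple[str, str]]:
    """Step 3: scan only the added ('+') lines of the diff for risky constructs."""
    findings = []
    for line in diff_lines:
        if not line.startswith("+") or line.startswith("+++"):
            continue  # skip removed/context lines and the file header
        code = line[1:].strip()
        for label, pattern in SUSPICIOUS.items():
            if pattern.search(code):
                findings.append((label, code))
    return findings


def review(reference: str, deployed: str) -> list[tuple[str, str]]:
    """Run both steps and return (label, offending line) pairs for a human to inspect."""
    return flag_suspicious_changes(unified_diff(reference, deployed))


if __name__ == "__main__":
    for label, code in review(REFERENCE_SOURCE, DEPLOYED_SOURCE):
        print(f"[{label}] {code}")
```

On the sample it reports the constructor now assigning ownership to the deployer and the added owner-only `emergencyWithdraw` that sends the pool's entire token balance to the owner. The script cannot tell you whether the owner address is a timelock or an EOA; that check still has to be done on Etherscan.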
Of course there are other gotchas to watch for, and no smart contract is guaranteed to be 100% safe, but following the steps above will eliminate 80% of all outright scams and keep your crypto safe.