Cremonix BTC Bot Audit Checklist

Skip the hype. Use this checklist to evaluate any Bitcoin or Ethereum trading bot — including ours.

How to use this checklist

Rate each item 0 / 1 / 2:

  • 0 = missing / unclear
  • 1 = partially covered
  • 2 = clearly covered + verifiable

Score guide:

  • 16–20 = serious system
  • 10–15 = proceed carefully
  • 0–9 = marketing bot

1) Strategy clarity (no black box)

A good bot can explain its actions.

Check for:

  • Clear entry & exit rules (even if ML is used)
  • A plain-English reason for each trade
  • Evidence the strategy matches the market type (trend vs chop)

Red flag:

  • “AI does it all” with no explanation.

2) Risk controls are real (not just words)

Risk management is the product.

Check for:

  • Hard stop-loss support (not “we’ll try to exit”)
  • Max position sizing (per trade)
  • Max daily loss / circuit breaker
  • Cooldown after losses (prevents revenge trading)

Red flag:

  • “We don’t use stop losses” or “stop loss not needed.”

3) Execution reality (fees + slippage)

Backtests can lie if execution isn’t modeled.

Check for:

  • Fees included in backtests
  • Slippage assumptions stated
  • Clear market vs limit behavior
  • Handling of partial fills (if using limits)

Red flag:

  • “Backtest results” with no mention of fees/slippage.

4) Backtest integrity (no data tricks)

A bot should prove it works outside the cherry-picked period.

Check for:

  • Out-of-sample testing (train vs test periods)
  • Avoids lookahead bias (no future data used)
  • A real trade log with timestamps
  • Performance includes drawdowns (not just return)

Red flag:

  • Only shows “ROI” without trade log or drawdown.

5) Live tracking & transparency

If it’s real, you can verify it.

Check for:

  • Live trade history (fills, timestamps)
  • Real-time P&L tracking
  • Win rate + average win/loss
  • Export to CSV for taxes/accounting

Red flag:

  • “Trust us” dashboards with no raw trades.

6) Exchange & API key safety

You should always keep custody.

Check for:

  • API keys are trade-only (no withdrawals)
  • Keys are encrypted at rest
  • 2FA enabled on the exchange account
  • Clear permission guidance during onboarding

Red flag:

  • Bot asks for withdrawal permissions.

7) Downtime behavior & failure modes

The bot must behave safely when things go wrong.

Check for:

  • What happens if price feed fails?
  • What happens if server restarts mid-trade?
  • Automated recovery on reboot
  • Alerts/notifications for errors and fills

Red flag:

  • No answer for “what happens if…”

8) Market regime awareness (when NOT to trade)

The best trade is sometimes no trade.

Check for:

  • Conditions where the bot stands down
  • Filters for choppy/low-edge markets
  • Volatility-aware risk sizing (or safety rules)

Red flag:

  • Bot must trade constantly to look “active.”

9) Control & exit options (you’re in charge)

You should be able to stop instantly.

Check for:

  • Pause / stop button
  • Manual close option (when appropriate)
  • Clear open-position monitoring
  • Transparent “in trade” status

Red flag:

  • You can’t pause, or it only stops “after the next cycle.”

10) Instant red flags (walk away)

If you see any of these, stop.

  • Guaranteed returns
  • No trade logs
  • No risk controls
  • No fee/slippage modeling
  • No explanation of exits
  • “AI” used as marketing, not engineering