[Ethereum] 1inch - Security Rating 3

Security Rating Level: 3
Evaluation Date: Mar 31st, 2021

1. History & Team (Weight 20%; Score 80)

1.1 Project age (8%; 50)
Launched on mainnet from 2020 November, alive for 8 months.
1.2 Past exploits (8%; 100)
Was never attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 100)
CTO, Anton Bukov started software proramming from 2011

2. Exposure (Weight 25%; Score 55.4)

2.1 Historical TVL (17.5%; 47)
Average market share in the past 2Q: 3.1%, 2.8%
Data collected from 1inch Liquidity Protocol | Stats, Charts and Guide | DeFi Pulse
2.2 Industry segment (5%; 80)
1inch is an exchange aggregator
2.3 Infrastructure (2.5%; 65)
Chainlink is used for price feed. Single decentralized oracle

3. Audit (Weight 35%; Score 99)

Audit report available on: GitHub - 1inch/1inch-audits
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 100)
Audited by OpenZepplin, Certik, Chainsulting, Coinfabrik, Hacken, Haechi, MixBytes, Scott Bigelow, Slowmist, Tier 1 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues found in audit
3.4 Other credits (up to additive 5.25%; 5)
Core smart contracts audited by multiple firms

4. Code quality (Weight 15%; Score 40)

Repository on github: GitHub - 1inch/liquidity-protocol
4.1 Documentation
No top level documentation exists but not in full details. Minimal comments.
4.2 Test
Insufficient test suites.

5. Developer community (Weight 5%; Score 30)

5.1 Bug bounty program (3.5%; 0)
Not exists
5.2 Issues raised on Github (1.5%; 100)
31 issues raised on github repository

The N-SCOSS for Compound is 72, level 3