Security Rating Level: 3
Evaluation Date: Dec 20th, 2021

1. History & Team (Weight 20%; Score 75)

1.1 Project age (8%; 50)
Launched on mainnet from 2021 Sept, alive for 4 months.
1.2 Past exploits (8%; 100)
In the past 12 months, 88mph v3 was not attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 50)
Unknown

2. Exposure (Weight 25%; Score 31.2)

2.1 Historical TVL (17.5%; 26)
Average market share in the past 2Q: less than 0.1%, less than 0.1%
Data collected from 88mph Protocol: TVL and stats - DefiLlama
2.2 Industry segment (5%; 40)
88mph is a yield aggregator
2.3 Infrastructure (2.5%; 50)
Unknown

3. Audit (Weight 35%; Score 95)

Audit report available on: publications/88mph.pdf at master · trailofbits/publications · GitHub, 88mph — Code 423n4 and publications/PeckShield-Audit-Report-88mphv3-v1.0.pdf at master · peckshield/publications · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 70)
Audited by Certik, Quantstamp and Peckshield, Tier 2 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 10)
Core smart contracts audited by multiple firms. Audit done before deployment

4. Code quality (Weight 15%; Score 65)

Repository on github: GitHub - 88mphapp/88mph-contracts
4.1 Documentation
Top level documentation exists. Minimal comments in explaining how the code connects to the oriented functions
4.2 Test
Full test suites exist but code coverage cannot be visible

5. Developer community (Weight 5%; Score 77)

5.1 Bug bounty program (3.5%; 80)
Exists. Reward up to $100,420
5.2 Issues raised on Github (1.5%; 70)
9 issues raised on github repository

The N-SCOSS for Compound is 69.95, level 3