Security Rating Level: 3
Evaluation Date: Mar 31st, 2021

1. History & Team (Weight 20%; Score 80)

1.1 Project age (8%; 50)
Launched on mainnet from 2020 Oct, alive for 7 months.
1.2 Past exploits (8%; 100)
Was never attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 100)
CTO, Yaron Velner, started software programming from 2005

2. Exposure (Weight 25%; Score 31.2)

2.1 Historical TVL (17.5%; 26)
Average market share in the past 2Q: 0.3%, less than 0.1%
Data collected from B.Protocol | Stats, Charts and Guide | DeFi Pulse
2.2 Industry segment (5%; 40)
B.Protocol is a yield aggregator
2.3 Infrastructure (2.5%; 50)
Out of business nature, heavy oracles are needed for price feed

3. Audit (Weight 35%; Score 78)

Audit report available on: audits/Audit Report - Backstop Protocol [02.10.2020].pdf at master · solidified-platform/audits · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 30)
Audited by Solidified, Tier 3 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 5)
Audit done before deployment

4. Code quality (Weight 15%; Score 75)

Repository on github: GitHub - backstop-protocol/dss-cdp-manager
4.1 Documentation
Top level documentation exists. Minimal comments in explaining how the code connects to the oriented functions
4.2 Test
Test done but code coverage not visible

5. Developer community (Weight 5%; Score 60)

5.1 Bug bounty program (3.5%; 60)
Exists. Reward up to $20,000
5.2 Issues raised on Github (1.5%; 60)
4 issues raised on github repository

The N-SCOSS for Compound is 65.35, level 3

B.Protocol remained its security level at 3, as re-evaluated on 2021 December 20th.

As of 2021 December, B.Protocol smart contract have been deployed over 12 months without ever being attacked, resulting in a score increase in pillar 1. Pillar 5 score is increased by 26 as a consequence of higher bug bounty reward and increased number of issues under discussion. Overall N-SCOSS is improved.

Below are the details of updated rating for B.Protocol based on data up to 2021 December 20th.

Security Rating Level: 3
Evaluation Date: Dec 20th, 2021

1. History & Team (Weight 20%; Score 92)

1.1 Project age (8%; 80)
Launched on mainnet from 2020 Oct, alive for 15 months.
1.2 Past exploits (8%; 100)
In the past 12 months, B.Protocol was not attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 100)
CTO, Yaron Velner, started software programming from 2005

2. Exposure (Weight 25%; Score 41)

2.1 Historical TVL (17.5%; 26)
Average market share in the past 2Q: less than 0.1%, less than 0.1%, less than 0.1%, less than 0.1%
Data collected from B.protocol Protocol: TVL and stats - DefiLlama
2.2 Industry segment (5%; 40)
B.Protocol is a yield aggregator
2.3 Infrastructure (2.5%; 50)
Out of business nature, heavy oracles are needed for price feed

3. Audit (Weight 35%; Score 78)

Audit report available on: audits/Audit Report - Backstop Protocol [02.10.2020].pdf at master · solidified-platform/audits · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 30)
Audited by Solidified, Tier 3 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 5)
Audit done before deployment

4. Code quality (Weight 15%; Score 75)

Repository on github: GitHub - backstop-protocol/dss-cdp-manager
4.1 Documentation
Top level documentation exists. Minimal comments in explaining how the code connects to the oriented functions
4.2 Test
Test done but code coverage not visible

5. Developer community (Weight 5%; Score 83)

5.1 Bug bounty program (3.5%; 60)
Exists. Reward up to $100,000
5.2 Issues raised on Github (1.5%; 60)
33 issues raised on github repository
(Note that the count of number of issues was different from last evaluation, changing from counting open issues only to open+closed issues. Such adjustment is to better reflect all historical discussion in github repository and hence a more precise measure of the developer activity)

The N-SCOSS for Compound is 71.35, level 3