[Ethereum] B.Protocol - Security Rating 3

Security Rating Level: 3
Evaluation Date: Mar 31st, 2021

1. History & Team (Weight 20%; Score 80)

1.1 Project age (8%; 50)
Launched on mainnet from 2020 Oct, alive for 7 months.
1.2 Past exploits (8%; 100)
Was never attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 100)
CTO, Yaron Velner, started software programming from 2005

2. Exposure (Weight 25%; Score 31.2)

2.1 Historical TVL (17.5%; 26)
Average market share in the past 2Q: 0.3%, less than 0.1%
Data collected from B.Protocol | Stats, Charts and Guide | DeFi Pulse
2.2 Industry segment (5%; 40)
B.Protocol is a yield aggregator
2.3 Infrastructure (2.5%; 50)
Out of business nature, heavy oracles are needed for price feed

3. Audit (Weight 35%; Score 78)

Audit report available on: audits/Audit Report - Backstop Protocol [02.10.2020].pdf at master · solidified-platform/audits · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 30)
Audited by Solidified, Tier 3 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 5)
Audit done before deployment

4. Code quality (Weight 15%; Score 75)

Repository on github: GitHub - backstop-protocol/dss-cdp-manager
4.1 Documentation
Top level documentation exists. Minimal comments in explaining how the code connects to the oriented functions
4.2 Test
Test done but code coverage not visible

5. Developer community (Weight 5%; Score 60)

5.1 Bug bounty program (3.5%; 60)
Exists. Reward up to $20,000
5.2 Issues raised on Github (1.5%; 60)
4 issues raised on github repository

The N-SCOSS for Compound is 65.35, level 3