[Ethereum] Balancer v2 - Security Rating 3

Security Rating Level: 3
Evaluation Date: May 9th, 2021

1. History & Team (Weight 20%; Score 64)

1.1 Project age (8%; 30)
Launched on mainnet from 2021 April, alive for 11 months.
1.2 Past exploits (8%; 100)
Was never attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 20)
Unknown

2. Exposure (Weight 25%; Score 35.7)

2.1 Historical TVL (17.5%; 16)
Average market share in the past 1Q: less than 0.1%
Data collected from DeBank | DeFi Wallet for Ethereum Users
2.2 Industry segment (5%; 90)
Balancer is an exchange
2.3 Infrastructure (2.5%; 65)
Oracle is needed for price feed (Chainlink), a decentralised single oracle

3. Audit (Weight 35%; Score 92)

Audit report available on: balancer-v2-monorepo/audits at master · balancer-labs/balancer-v2-monorepo · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 100)
Audited by OpenZepplin, Trail of Bits and Certora, Tier 1 audit firm
3.3 Audit findings (10.5%; 40)
Critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 0)
Core smart contracts audited by multiple firms, audit done before deployment

4. Code quality (Weight 15%; Score 65)

Repository on github: GitHub - balancer-labs/balancer-v2-monorepo: Balancer V2 Monorepo
4.1 Documentation
Top level documentation exists. Minimal comments in explaining how the code connects to the oriented functions
4.2 Test
Full test suite exists., 96% code coverage

5. Developer community (Weight 5%; Score 88)

5.1 Bug bounty program (3.5%; 100)
Exists. Reward up to $2,000,000
5.2 Issues raised on Github (1.5%; 60)
4 issues raised on github repository

The N-SCOSS for Compound is 68.075, level 3