[Ethereum] Balancer v2 - Security Rating 3

Security Rating Level: 3
Evaluation Date: May 9th, 2021

1. History & Team (Weight 20%; Score 64)

1.1 Project age (8%; 30)
Launched on mainnet in April 2021, live for 1 month.
1.2 Past exploits (8%; 100)
Was never attacked
1.3 Team anonymity (2%; 100)
Team is public
1.4 Team experience in programming (2%; 20)
Unknown

2. Exposure (Weight 25%; Score 35.7)

2.1 Historical TVL (17.5%; 16)
Average market share in the past 1Q: less than 0.1%
Data collected from DeBank | DeFi Wallet for Ethereum Users
2.2 Industry segment (5%; 90)
Balancer is an exchange
2.3 Infrastructure (2.5%; 65)
Oracle is needed for price feed (Chainlink), a decentralised single oracle

3. Audit (Weight 35%; Score 92)

Audit report available on: balancer-v2-monorepo/audits at master · balancer-labs/balancer-v2-monorepo · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 100)
Audited by OpenZeppelin, Trail of Bits and Certora, Tier 1 audit firms
3.3 Audit findings (10.5%; 40)
Critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 10)
Core smart contracts audited by multiple firms, audit done before deployment

4. Code quality (Weight 15%; Score 65)

Repository on github: GitHub - balancer-labs/balancer-v2-monorepo: Balancer V2 Monorepo
4.1 Documentation
Top-level documentation exists. Minimal comments explaining how the code connects to the oriented functions
4.2 Test
Full test suite exists, 96% code coverage

5. Developer community (Weight 5%; Score 88)

5.1 Bug bounty program (3.5%; 100)
Exists. Reward up to $2,000,000
5.2 Issues raised on GitHub (1.5%; 60)
4 issues raised on GitHub repository

The N-SCOSS for Compound is 68.075, level 3

Balancer v2 is rated at security level 4, as re-evaluated on December 20th, 2021.

In the last evaluation, conducted in May, Balancer v2 had just launched, so its score in pillar 2 was very low. The past 8 months saw a stable market share for Balancer at around 2%, therefore the pillar 2 score increased by 24.5. Besides, I took a careful look at the documentation, and concluded the code was well explained by high-level docs, so the pillar 4 score also improved. More active developer activity, indicated by 235 issues under discussion, led to a score increase of 15 in pillar 5. Overall, these improvements resulted in an upgrade in security level.

Below are the details of the updated rating for Balancer v2, based on data up to December 20th, 2021.


Security Rating Level: 4
Evaluation Date: Dec 20th, 2021

1. History & Team (Weight 20%; Score 72)

1.1 Project age (8%; 50)
Launched on mainnet in April 2021, live for 9 months.
1.2 Past exploits (8%; 100)
In the past 12 months, Balancer v2 was never attacked
1.3 Team anonymity (2%; 100)
Team is public
1.4 Team experience in programming (2%; 20)
Unknown

2. Exposure (Weight 25%; Score 60.2)

2.1 Historical TVL (17.5%; 51)
Average market share in the past 3Q: 2.1%, 2.4%, 2.6%
Data collected from DeBank | DeFi Wallet for Ethereum Users
2.2 Industry segment (5%; 90)
Balancer v2 is an exchange
2.3 Infrastructure (2.5%; 65)
Oracle is needed for price feed (Chainlink), a decentralised single oracle

3. Audit (Weight 35%; Score 92)

Audit report available on: balancer-v2-monorepo/audits at master · balancer-labs/balancer-v2-monorepo · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 100)
Audited by OpenZeppelin, Trail of Bits and Certora, Tier 1 audit firms
3.3 Audit findings (10.5%; 40)
Critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 10)
Core smart contracts audited by multiple firms, audit done before deployment

4. Code quality (Weight 15%; Score 90)

Repository on github: GitHub - balancer-labs/balancer-v2-monorepo: Balancer V2 Monorepo
4.1 Documentation
Excellent documentation
4.2 Test
Full test suite exists, with 96% code coverage

5. Developer community (Weight 5%; Score 100)

5.1 Bug bounty program (3.5%; 100)
Exists. Reward up to $2,000,000
5.2 Issues raised on GitHub (1.5%; 100)
235 issues raised on GitHub repository
(Note that the way issues are counted differs from the last evaluation, changing from counting open issues only to counting open and closed issues. This adjustment better reflects all historical discussion in the GitHub repository and hence gives a more precise measure of developer activity.)

The N-SCOSS for Compound is 80.15, level 4