[Ethereum] Bancor - Security Rating 4

Security Rating Level: 4
Evaluation Date: Mar 31st, 2021

1. History & Team (Weight 20%; Score 80)

1.1 Project age (8%; 100)
Launched on mainnet from 2017 Aug, alive for 44 months.
1.2 Past exploits (8%; 50)
Was attacked once
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 100)
CTO, Yudi Levi, started software proramming from 2011

2. Exposure (Weight 25%; Score 66.5)

2.1 Historical TVL (17.5%; 60)
Average market share in the past 4Q: 1.6%, 0.9%, 0.8%, 0.9%
Data collected from Bancor | Stats, Charts and Guide | DeFi Pulse
2.2 Industry segment (5%; 90)
Bancor is an exchange
2.3 Infrastructure (2.5%; 65)
Oracle is needed for price feed (Chainlink), a decentralised single oracle

3. Audit (Weight 35%; Score 87)

Audit report available on: Security - Bancor Network
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 100)
Audited by PeckShield, Certik, Halborn and Consensys Dilligence, Tier 1 audit firm
3.3 Audit findings (10.5%; 40)
Critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 5)
Core smart contracts audited by multiple firms

4. Code quality (Weight 15%; Score 90)

Repository on github: GitHub - bancorprotocol/contracts-solidity: Bancor Protocol Contracts
4.1 Documentation
Excellent top level documents with sufficient comments explaining the codes
4.2 Test
Full test suite exists, but code coverage not visible

5. Developer community (Weight 5%; Score 69)

5.1 Bug bounty program (3.5%; 60)
Exists. Reward up to $45,000
5.2 Issues raised on Github (1.5%; 90)
17 issues raised on github repository

The N-SCOSS for Compound is 80.025, level 4