[Ethereum] BoringDAO - Security Rating 3

Security Rating Level: 2
Evaluation Date: Mar 31st, 2021

1. History & Team (Weight 20%; Score 72)

1.1 Project age (8%; 50)
Launched on mainnet in 2020 Nov; live for 5 months.
1.2 Past exploits (8%; 100)
Was never attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 20)
Unknown

2. Exposure (Weight 25%; Score 33.7)

2.1 Historical TVL (17.5%; 16)
Average market share in the past 1Q: 0.2%
Data collected from BoringDAO
2.2 Industry segment (5%; 80)
BoringDAO is an on-chain liquidity underwriter (category: other)
2.3 Infrastructure (2.5%; 65)
Oracle is needed for price feed. Single decentralised oracle

3. Audit (Weight 35%; Score 73)

Audit report available on: publications/PeckShield-Audit-Report-BoringDAO-1.0-2020-89.pdf at master · peckshield/publications · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done. Report is public
3.2 Audit firm trust score (10.5%; 30)
Audited by PeckShield, Tier 3 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 0)
N/A

4. Code quality (Weight 15%; Score 50)

Repository on GitHub: not found
4.1 Documentation
Poor documentation
4.2 Test
Test done but code coverage not visible

5. Developer community (Weight 5%; Score 42)

5.1 Bug bounty program (3.5%; 60)
Exists. Reward up to $10,000
5.2 Issues raised on GitHub (1.5%; 0)
0 issues raised on GitHub repository

The N-SCOSS for Compound is 57.975, level 2

BoringDAO is rated at security level 3, as re-evaluated on 2021 December 20th.

BoringDAO gained a higher score in pillar 1 by running stably for another 9 months with no attacks since the last evaluation. In addition, more active developer activity, indicated by increased bug bounty rewards, led to a score increase in pillar 5. Overall, these improvements resulted in an upgrade in security level.

Below are the details of the updated rating for BoringDAO, based on data up to 2021 December 20th.


Security Rating Level: 3
Evaluation Date: Dec 20th, 2021

1. History & Team (Weight 20%; Score 84)

1.1 Project age (8%; 80)
Launched on mainnet in 2020 Nov; live for 14 months.
1.2 Past exploits (8%; 100)
Was never attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 20)
Unknown

2. Exposure (Weight 25%; Score 50.5)

2.1 Historical TVL (17.5%; 40)
Average market share in the past 4Q: less than 0.1%, less than 0.1%, less than 0.1%, less than 0.1%
Data collected from Boringdao Protocol: TVL and stats - DefiLlama
2.2 Industry segment (5%; 80)
BoringDAO is an on-chain liquidity underwriter (category: other)
2.3 Infrastructure (2.5%; 65)
Oracle is needed for price feed. Single decentralised oracle

3. Audit (Weight 35%; Score 73)

Audit report available on: publications/PeckShield-Audit-Report-BoringDAO-1.0-2020-89.pdf at master · peckshield/publications · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done. Report is public
3.2 Audit firm trust score (10.5%; 30)
Audited by PeckShield, Tier 3 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 0)
N/A

4. Code quality (Weight 15%; Score 50)

Repository on GitHub: BoringDAO/boringDAO-contract
4.1 Documentation
Poor documentation
4.2 Test
Test done but code coverage not visible

5. Developer community (Weight 5%; Score 70)

5.1 Bug bounty program (3.5%; 100)
Exists. Reward up to $520,000
5.2 Issues raised on GitHub (1.5%; 0)
0 issues raised on GitHub repository

The N-SCOSS for Compound is 65.975, level 3