[Ethereum] dHedge - Security Rating 3

Security Rating Level: 2
Evaluation Date: Mar 31st, 2021

1. History & Team (Weight 20%; Score 72)

1.1 Project age (8%; 50)
Launched on mainnet from 2020 Oct, alive for 6 months.
1.2 Past exploits (8%; 100)
Was never attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 20)
Unknown

2. Exposure (Weight 25%; Score 31.2)

2.1 Historical TVL (17.5%; 26)
Average market share in the past 2Q: 0.1%, less than 0.1%
Data collected from https://defipulse.com/dhedge
2.2 Industry segment (5%; 40)
dHedge is a yield aggregator
2.3 Infrastructure (2.5%; 50)
Multiple decentralized oracles for price feed, primarily Chainlink

3. Audit (Weight 35%; Score 78)

Audit report available on: dHedge Platform Smart Contract Audit | iosiro
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 30)
Audited by iosiro, Tier 3 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 5)
Audit done before deployment

4. Code quality (Weight 15%; Score 50)

Repository on github: GitHub - dhedge/dhedge-token-solidity: This is the repo for dHedge DAO token
4.1 Documentation
Top level documentation exists. Minimal comments in explaining how the code connects to the oriented functions.
4.2 Test
Test done and code coverage is 88%

5. Developer community (Weight 5%; Score 56)

5.1 Bug bounty program (3.5%; 80)
Exists. Reward up to $50,000
5.2 Issues raised on Github (1.5%; 0)
0 issues raised on github repository

The N-SCOSS for Compound is 59.8, level 2

dHedge is rated at security level at 3, as re-evaluated on 2021 December 20th.

dHedge gained higher score in pillar 1 by lasting stably for another 9 months, and also occurring no attacks after last evaluation. Besides, dHedge obtained an audit from Certik, resulting in an improved score in Pillar 3. Overall these improvement resulted in an upgrade in security level.

Below are the details of updated rating for dHedge based on data up to 2021 December 20th.


Security Rating Level: 3
Evaluation Date: Dec 20th, 2021

1. History & Team (Weight 20%; Score 84)

1.1 Project age (8%; 80)
Launched on mainnet from 2020 Oct, alive for 15 months.
1.2 Past exploits (8%; 100)
Was never attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 20)
Unknown

2. Exposure (Weight 25%; Score 41)

2.1 Historical TVL (17.5%; 40)
Average market share in the past 4Q: less than 0.1%, less than 0.1%, less than 0.1%, less than 0.1%
Data collected from Dhedge Protocol: TVL and stats - DefiLlama
2.2 Industry segment (5%; 40)
dHedge is a yield aggregator
2.3 Infrastructure (2.5%; 50)
Multiple decentralized oracles for price feed, primarily Chainlink

3. Audit (Weight 35%; Score 95)

Audit report available on: dHedge Platform Smart Contract Audit | iosiro
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 70)
Audited by iosiro and Certik, Tier 2 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 10)
Audit done before deployment, multiple review

4. Code quality (Weight 15%; Score 50)

Repository on github: GitHub - dhedge/dhedge-token-solidity: This is the repo for dHedge DAO token
4.1 Documentation
Top level documentation exists. Minimal comments in explaining how the code connects to the oriented functions.
4.2 Test
Test done and code coverage is 88%

5. Developer community (Weight 5%; Score 56)

5.1 Bug bounty program (3.5%; 80)
Exists. Reward up to $50,000
5.2 Issues raised on Github (1.5%; 0)
0 issues raised on github repository

The N-SCOSS for Compound is 70.6, level 3