Security Rating Level: 2
Evaluation Date: Mar 31st, 2021

1. History & Team (Weight 20%; Score 52)

1.1 Project age (8%; 50)
Launched on mainnet from 2020 Aug, alive for 8 months.
1.2 Past exploits (8%; 50)
Was attacked once
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 20)
Unknown

2. Exposure (Weight 25%; Score 48.3)

2.1 Historical TVL (17.5%; 34)
Average market share in the past 3Q: 0.1%, 0.2%, 0.2%
Data collected from DODO | Stats, Charts and Guide | DeFi Pulse
2.2 Industry segment (5%; 90)
Dodo is an exchange
2.3 Infrastructure (2.5%; 65)
Oracle is needed for price feed (Chainlink), a decentralised single oracle

3. Audit (Weight 35%; Score 85)

Audit report available on: dodo-smart-contract/audit at master · DODOEX/dodo-smart-contract · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit, and report is public
3.2 Audit firm trust score (10.5%; 70)
Audited by Trail of Bits andPeckShield, Tier 2 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 0)
N/A

4. Code quality (Weight 15%; Score 60)

Repository on github: GitHub - DODOEX/dodo-smart-contract
4.1 Documentation
Top level documentation exists. Minimal comments in explaining how the code connects to the oriented functions
4.2 Test
Full test suite exists, but code coverage not visible

5. Developer community (Weight 5%; Score 71)

5.1 Bug bounty program (3.5%; 80)
Exists. Reward up to $100,000
5.2 Issues raised on Github (1.5%; 50)
1 issues raised on github repository

The N-SCOSS for Compound is 64.775, level 2