Security Rating Level: 3
Evaluation Date: Dec 20th, 2021

1. History & Team (Weight 20%; Score 72)

1.1 Project age (8%; 80)
Launched on mainnet from 2021 Feb, alive for 11 months.
1.2 Past exploits (8%; 50)
Was attacked once in 2021 March (loss ~$500k)
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 100)
CTO, Aladdin Zhang, started engineering from 2010

2. Exposure (Weight 25%; Score 52.5)

2.1 Historical TVL (17.5%; 40)
Average market share in the past 3Q: 0.1%, 0.1%, 0.1%, 0.1%
Data collected from Dodo Protocol: TVL and stats - DefiLlama
2.2 Industry segment (5%; 90)
Dodo is an exchange
2.3 Infrastructure (2.5%; 65)
Oracle is needed for price feed (Chainlink), a decentralised single oracle

3. Audit (Weight 35%; Score 90)

Audit report available on: Audit | DODO Docs
3.1 Transparency and scope (14%; 100)
Full scope audit, and report is public
3.2 Audit firm trust score (10.5%; 70)
Audited by PeckShield, Slowmist and Beosin, Tier 2 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 5)
Core smart contracts audited by multiple firms

4. Code quality (Weight 15%; Score 50)

Repository on github: GitHub - DODOEX/contractV2: Smart contracts for DODOEX V2
4.1 Documentation
Top level documentation exists but the explanation is very few. Comments are insufficient
4.2 Test
Full test suite exists, but code coverage not visible

5. Developer community (Weight 5%; Score 78)

5.1 Bug bounty program (3.5%; 90)
Exists. Reward up to $200,000
5.2 Issues raised on Github (1.5%; 50)
3 issues raised on github repository

The N-SCOSS for Compound is 70.425, level 3