[Ethereum] KeeperDAO - Security Rating 3

Security Rating Level: 1
Evaluation Date: Mar 31st, 2021

1. History & Team (Weight 20%; Score 80)

1.1 Project age (8%; 50)
Launched on mainnet in November 2020; live for 5 months.
1.2 Past exploits (8%; 100)
Has never been attacked
1.3 Team anonymity (2%; 100)
Team is public
1.4 Team experience in programming (2%; 100)
CTO, Joey Zacherl, started software engineering in 2011

2. Exposure (Weight 25%; Score 29.8)

2.1 Historical TVL (17.5%; 20)
Average market share in the past 1Q: 0.7%
Data collected from KeeperDAO
2.2 Industry segment (5%; 40)
KeeperDAO is an earning protocol
2.3 Infrastructure (2.5%; 50)
Owing to the nature of the business, heavy use of oracles is needed for price feeds

3. Audit (Weight 35%; Score 50)

Audit report available on: not public
3.1 Transparency and scope (14%; 0)
Report is not public
3.2 Audit firm trust score (10.5%; 70)
Audited by PeckShield and Quantstamp, Tier 2 audit firms
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 5)
Audit done before deployment

4. Code quality (Weight 15%; Score 50)

Repository on GitHub: not found
4.1 Documentation
Code is not on GitHub, but can be found on Etherscan. Logic is simple and clear
4.2 Test
Test files cannot be found, although Quantstamp mentioned in the audit report that the test code coverage is 83%

5. Developer community (Weight 5%; Score 0)

5.1 Bug bounty program (3.5%; 0)
None exists
5.2 Issues raised on GitHub (1.5%; 0)
0 issues raised on the GitHub repository

The N-SCOSS for Compound is 48.45, level 1

KeeperDAO is rated at security level 3, as re-evaluated on December 20th, 2021.

The key contributor to the upgrade is that KeeperDAO published its audit report from PeckShield and Quantstamp, resulting in a 40-point increase in Pillar 3. In addition, it ran stably for another 9 months and thus gained a higher mark in Pillar 2. Overall, these improvements resulted in an upgrade in security level.

Below are the details of the updated rating for KeeperDAO, based on data up to December 20th, 2021.


Security Rating Level: 3
Evaluation Date: Dec 20th, 2021

1. History & Team (Weight 20%; Score 92)

1.1 Project age (8%; 80)
Launched on mainnet in November 2020; live for 14 months.
1.2 Past exploits (8%; 100)
Has never been attacked
1.3 Team anonymity (2%; 100)
Team is public
1.4 Team experience in programming (2%; 100)
CTO, Joey Zacherl, started software engineering in 2011

2. Exposure (Weight 25%; Score 41)

2.1 Historical TVL (17.5%; 40)
Average market share in the past 4Q: 0.2%, 0.2%, 0.3%, 0.4%
Data collected from Keeperdao Protocol: TVL and stats - DefiLlama
2.2 Industry segment (5%; 40)
KeeperDAO is an earning protocol
2.3 Infrastructure (2.5%; 50)
Owing to the nature of the business, heavy use of oracles is needed for price feeds

3. Audit (Weight 35%; Score 90)

Audit report available on: docs/audits at master · keeperdao/docs · GitHub
3.1 Transparency and scope (14%; 100)
Report is publicly available
3.2 Audit firm trust score (10.5%; 70)
Audited by PeckShield and Quantstamp, Tier 2 audit firms
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 5)
Audit done before deployment

4. Code quality (Weight 15%; Score 50)

Repository on GitHub: not found
4.1 Documentation
Code is not on GitHub, but can be found on Etherscan. Logic is simple and clear
4.2 Test
Test files cannot be found, although Quantstamp mentioned in the audit report that the test code coverage is 83%

5. Developer community (Weight 5%; Score 0)

5.1 Bug bounty program (3.5%; 0)
None exists
5.2 Issues raised on GitHub (1.5%; 0)
0 issues raised on the GitHub repository

The N-SCOSS for Compound is 67.65, level 3