Security Rating Level: 3
Evaluation Date: Mar 31st, 2021

1. History & Team (Weight 20%; Score 72)

1.1 Project age (8%; 80)
Launched on mainnet from 2020 Jan, alive for 15 months.
1.2 Past exploits (8%; 50)
Was attacked once
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 100)
CTO, Steve Guo, started software proramming from 2005

2. Exposure (Weight 25%; Score 52.5)

2.1 Historical TVL (17.5%; 40)
Average market share in the past 4Q: 0.5%, 0.3%, 0.3%, 0.4%
Data collected from Loopring | Stats, Charts and Guide | DeFi Pulse
2.2 Industry segment (5%; 90)
Loopring is an exchange
2.3 Infrastructure (2.5%; 65)
Oracle is needed for price feed (Chainlink & Band Protocol), multiple decentralised oracles

3. Audit (Weight 35%; Score 78)

Audit report available on: protocols/packages/loopring_v3/security_audit at master · Loopring/protocols · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 30)
Audited by Least Authority and Secbit, Tier 3 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 5)
Audit done before deployment

4. Code quality (Weight 15%; Score 50)

Repository on github: protocols/packages/loopring_v3 at master · Loopring/protocols · GitHub
4.1 Documentation
Top level documentation exists. Minimal comments in explaining how the code connects to the oriented functions
4.2 Test
Full test suite exists, but code coverage not visible

5. Developer community (Weight 5%; Score 60)

5.1 Bug bounty program (3.5%; 60)
Exists. Reward up to $25,000
5.2 Issues raised on Github (1.5%; 60)
5 issues raised on github repository

The N-SCOSS for Compound is 65.325, level 3

Loopring v3 remained its security level at 3, as re-evaluated on 2021 December 20th.

No hack happened after last evaluation, resulting in a score increase in pillar 1 as the number of attack happened in the past 12 month dropped from 1 to 0. Pillar 5 score is increased by 29 as a consequence of higher bug bounty reward (due to LRC token appreciated price) and largely increased number of issues under discussion. Overall N-SCOSS is improved.

Below are the details of updated rating for Loopring v3 based on data up to 2021 December 20th.

Security Rating Level: 3
Evaluation Date: Dec 20th, 2021

1. History & Team (Weight 20%; Score 92)

1.1 Project age (8%; 80)
Launched on mainnet from 2020 Jan, alive for 24 months.
1.2 Past exploits (8%; 100)
In the past 12 months, Loopring was not attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 100)
CTO, Steve Guo, started software proramming from 2005

2. Exposure (Weight 25%; Score 52.5)

2.1 Historical TVL (17.5%; 40)
Average market share in the past 4Q: 0.2%, 0.2%, 0.2%, 0.2%
Data collected from Loopring Protocol: TVL and stats - DefiLlama
2.2 Industry segment (5%; 90)
Loopring is an exchange
2.3 Infrastructure (2.5%; 65)
Oracle is needed for price feed (Chainlink & Band Protocol), multiple decentralised oracles

3. Audit (Weight 35%; Score 78)

Audit report available on: protocols/packages/loopring_v3/security_audit at master · Loopring/protocols · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 30)
Audited by Least Authority and Secbit, Tier 3 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 5)
Audit done before deployment

4. Code quality (Weight 15%; Score 50)

Repository on github: protocols/packages/loopring_v3 at master · Loopring/protocols · GitHub
4.1 Documentation
Top level documentation exists. Minimal comments in explaining how the code connects to the oriented functions
4.2 Test
Full test suite exists, but code coverage not visible

5. Developer community (Weight 5%; Score 86)

5.1 Bug bounty program (3.5%; 80)
Exists. Reward up to $100,000
5.2 Issues raised on Github (1.5%; 100)
348 issues raised on github repository
(Note that the count of number of issues was different from last evaluation, changing from counting open issues only to open+closed issues. Such adjustment is to better reflect all historical discussion in github repository and hence a more precise measure of the developer activity)

The N-SCOSS for Compound is 70.625, level 3