[Ethereum] Loopring - Security Rating 3

Security Rating Level: 3
Evaluation Date: Mar 31st, 2021

1. History & Team (Weight 20%; Score 72)

1.1 Project age (8%; 80)
Launched on mainnet from 2020 Jan, alive for 15 months.
1.2 Past exploits (8%; 50)
Was attacked once
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 100)
CTO, Steve Guo, started software proramming from 2005

2. Exposure (Weight 25%; Score 52.5)

2.1 Historical TVL (17.5%; 40)
Average market share in the past 4Q: 0.5%, 0.3%, 0.3%, 0.4%
Data collected from Loopring | Stats, Charts and Guide | DeFi Pulse
2.2 Industry segment (5%; 90)
Loopring is an exchange
2.3 Infrastructure (2.5%; 65)
Oracle is needed for price feed (Chainlink & Band Protocol), multiple decentralised oracles

3. Audit (Weight 35%; Score 78)

Audit report available on: protocols/packages/loopring_v3/security_audit at master · Loopring/protocols · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 30)
Audited by Least Authority and Secbit, Tier 3 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 5)
Audit done before deployment

4. Code quality (Weight 15%; Score 50)

Repository on github: protocols/packages/loopring_v3 at master · Loopring/protocols · GitHub
4.1 Documentation
Top level documentation exists. Minimal comments in explaining how the code connects to the oriented functions
4.2 Test
Full test suite exists, but code coverage not visible

5. Developer community (Weight 5%; Score 60)

5.1 Bug bounty program (3.5%; 60)
Exists. Reward up to $25,000
5.2 Issues raised on Github (1.5%; 60)
5 issues raised on github repository

The N-SCOSS for Compound is 65.325, level 3