Security Rating Level: 5
Evaluation Date: Mar 31st, 2021
1. History & Team (Weight 20%; Score 92)
1.1 Project age (8%; 100)
Launched on mainnet in December 2017; live for 40 months.
1.2 Past exploits (8%; 100)
Never attacked.
1.3 Team anonymity (2%; 100)
Team is public.
1.4 Team experience in programming (2%; 20)
Unknown
2. Exposure (Weight 25%; Score 96)
2.1 Historical TVL (17.5%; 100)
Average market share in the past 4Q: 16.6%, 17.8%, 19.5%, 26.4%
Data collected from DeFi Pulse (Maker | Stats, Charts and Guide).
2.2 Industry segment (5%; 85)
Maker is a lending protocol (no flash loans allowed).
2.3 Infrastructure (2.5%; 90)
An oracle is needed for the price feed. Multiple centralised oracles.
3. Audit (Weight 35%; Score 100)
Audit reports available on GitHub: makerdao/mcd-security, Audit Reports directory (master branch).
3.1 Transparency and scope (14%; 100)
Full-scope audit done, and the report is public.
3.2 Audit firm trust score (10.5%; 70)
Audited by Trail of Bits and PeckShield, Tier 2 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues found in audit
3.4 Other credits (up to additive 5.25%, 15)
Core smart contracts audited by multiple firms; formal verification done; audit done before deployment.
4. Code quality (Weight 15%; Score 80)
Repository on GitHub: makerdao/dss (Dai Stablecoin System).
4.1 Documentation
Top-level documentation is detailed and clear. Minimal comments explaining how the code connects to the intended functions.
4.2 Test
Full test suite exists, but code coverage is not visible.
5. Developer community (Weight 5%; Score 86)
5.1 Bug bounty program (3.5%; 80)
Exists. Rewards up to $100,000.
5.2 Issues raised on GitHub (1.5%; 100)
50 issues raised on the GitHub repository.
The N-SCOSS for Compound is 93.7, level 5