[Ethereum] Nexus Mutual - Security Rating 3

Security Rating Level: 3
Evaluation Date: Mar 31st, 2021

1. History & Team (Weight 20%; Score 67)

1.1 Project age (8%; 80)
Launched on mainnet in May 2019; live for 23 months.
1.2 Past exploits (8%; 50)
Was attacked once
1.3 Team anonymity (2%; 100)
Team is public
1.4 Team experience in programming (2%; 50)
CTO, Roxana D., started software engineering in 2014

2. Exposure (Weight 25%; Score 66.5)

2.1 Historical TVL (17.5%; 60)
Average market share in the past 4Q: 0.7%, 0.7%, 0.7%, 0.6%
Data collected from Nexus Mutual | Stats, Charts and Guide | DeFi Pulse
2.2 Industry segment (5%; 90)
Nexus Mutual is an insurance protocol
2.3 Infrastructure (2.5%; 65)
Oracle is needed for price feed (Chainlink), a decentralised single oracle

3. Audit (Weight 35%; Score 66)

Audit report available on: GitHub - NexusMutual/smart-contracts
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 30)
Audited by Solidified and G0 Group, Tier 3 audit firm
3.3 Audit findings (10.5%; 40)
Critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 5)
Audit done before deployment

4. Code quality (Weight 15%; Score 65)

Repository on GitHub: GitHub - NexusMutual/smart-contracts
4.1 Documentation
Document illustrating code design exists. Code has some comments but not enough
4.2 Test
Test done, no code coverage visible

5. Developer community (Weight 5%; Score 71)

5.1 Bug bounty program (3.5%; 80)
Exists. Reward up to $50,000
5.2 Issues raised on GitHub (1.5%; 50)
2 issues raised on GitHub repository

The N-SCOSS for Compound is 66.425, level 3

Nexus Mutual remained at security level 3 when re-evaluated on December 20th, 2021.

No hack has occurred since the last evaluation, which raises the pillar 1 score because the number of attacks in the past 12 months dropped from 1 to 0. Market share dropped from ~0.7% to ~0.4%, which lowers the pillar 2 score. Overall, the effect is insignificant and the protocol stays at the same security level as in the last evaluation.

Below are the details of the updated rating for Nexus Mutual, based on data up to December 20th, 2021.


Security Rating Level: 3
Evaluation Date: Dec 20th, 2021

1. History & Team (Weight 20%; Score 95)

1.1 Project age (8%; 100)
Launched on mainnet in May 2019; live for 32 months.
1.2 Past exploits (8%; 100)
In the past 12 months, Nexus Mutual was not attacked
1.3 Team anonymity (2%; 100)
Team is public
1.4 Team experience in programming (2%; 50)
CTO, Roxana D., started software engineering in 2014

2. Exposure (Weight 25%; Score 54.6)

2.1 Historical TVL (17.5%; 43)
Average market share in the past 4Q: 0.4%, 0.4%, 0.5%, 0.5%
Data collected from Nexus-mutual Protocol: TVL and stats - DefiLlama
2.2 Industry segment (5%; 90)
Nexus Mutual is an insurance protocol
2.3 Infrastructure (2.5%; 65)
Oracle is needed for price feed (Chainlink), a decentralised single oracle

3. Audit (Weight 35%; Score 66)

Audit report available on: GitHub - NexusMutual/smart-contracts
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 30)
Audited by Solidified and G0 Group, Tier 3 audit firm
3.3 Audit findings (10.5%; 40)
Critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 5)
Audit done before deployment

4. Code quality (Weight 15%; Score 65)

Repository on GitHub: GitHub - NexusMutual/smart-contracts
4.1 Documentation
Document illustrating code design exists. Code has some comments but not enough
4.2 Test
Test done, no code coverage visible

5. Developer community (Weight 5%; Score 71)

5.1 Bug bounty program (3.5%; 80)
Exists. Reward up to $50,000
5.2 Issues raised on GitHub (1.5%; 50)
3 issues raised on GitHub repository
(Note that the method for counting issues differs from the last evaluation: it changed from counting open issues only to counting open and closed issues. This adjustment better reflects all historical discussion in the GitHub repository and is therefore a more precise measure of developer activity.)

The N-SCOSS for Compound is 69.05, level 3