[Ethereum] Pendle - Security Rating 2

Security Rating Level: 2
Evaluation Date: Dec 20th, 2021

1. History & Team (Weight 20%; Score 72)

1.1 Project age (8%; 50)
Launched on mainnet in April 2021; live for 9 months.
1.2 Past exploits (8%; 100)
Has never been attacked
1.3 Team anonymity (2%; 100)
The team is public
1.4 Team experience in programming (2%; 20)
Unknown

2. Exposure (Weight 25%; Score 36.8)

2.1 Historical TVL (17.5%; 30)
Average market share in the past 4Q: less than 0.1%, less than 0.1%, less than 0.1%
Data collected from DefiLlama (Pendle Protocol: TVL and stats)
2.2 Industry segment (5%; 40)
Pendle is a yield aggregator
2.3 Infrastructure (2.5%; 50)
By the nature of its business, the protocol relies heavily on oracles for price feeds

3. Audit (Weight 35%; Score 73)

Audit report available on: https://leastauthority.com/static/publications/LeastAuthority_Pendle_Protocol_Pendle_Smart_Contracts_Final_Audit_Report.pdf
3.1 Transparency and scope (14%; 100)
Full-scope audit completed, and the report is public
3.2 Audit firm trust score (10.5%; 30)
Audited by Least Authority, Tier 3 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 0)
N/A

4. Code quality (Weight 15%; Score 60)

Repository on GitHub: pendle-finance/pendle-core (core smart contracts for the Pendle Protocol)
4.1 Documentation
Top level documentation exists
4.2 Test
Tests exist, but code coverage is not visible

5. Developer community (Weight 5%; Score 97)

5.1 Bug bounty program (3.5%; 100)
Exists. Rewards up to $250,000
5.2 Issues raised on GitHub (1.5%; 90)
28 issues raised on the GitHub repository

The N-SCOSS for Compound is 63, level 2