[Ethereum] RenVM - Security Rating 3

Security Rating Level: 3
Evaluation Date: Mar 31st, 2021

1. History & Team (Weight 20%; Score 87)

1.1 Project age (8%; 80)
Launched on mainnet from 2020 May, alive for 11 months.
1.2 Past exploits (8%; 100)
Was never attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 50)
CTO, Loong Wang, started software engineering from 2015

2. Exposure (Weight 25%; Score 64.5)

2.1 Historical TVL (17.5%; 60)
Average market share in the past 4Q: 2.0%, 2.3%, 1.9%, 1.7%
Data collected from RenVM | Stats, Charts and Guide | DeFi Pulse
2.2 Industry segment (5%; 80)
RenVM is a network of virtual computers that power interoperability for DeFi, enabling cross-chain lending, exchanges, collateralization & more (category: other)
2.3 Infrastructure (2.5%; 65)
Chainlink as oracle to feed price. Single decentralized oracle

3. Audit (Weight 35%; Score 87)

Audit report available on: Audits · renproject/ren Wiki · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done. Report is public
3.2 Audit firm trust score (10.5%; 100)
Audited by ChainSecurity, Consensys Diligence and Trail of Bits, Tier 1 audit firm
3.3 Audit findings (10.5%; 40)
Critical issues were found in audit, but fixed by team
3.4 Other credits (up to additive 5.25%; 5)
Core smart contracts audited by multiple firms

4. Code quality (Weight 15%; Score 60)

Repository on github: GitHub - renproject/darknode-sol: An implementation of Darknode smart contracts, written in Solidity
4.1 Documentation
No top level documentation explaining the design of code. Minimal comments in explaining how the code connects to the oriented functions
4.2 Test
Full test suite and code coverage is 99%

5. Developer community (Weight 5%; Score 71)

5.1 Bug bounty program (3.5%; 80)
Exists. Reward up to $100,000
5.2 Issues raised on Github (1.5%; 50)
2 issues raised on github repository

The N-SCOSS for Compound is 76.525, level 3