Security Rating Level: 2
Evaluation Date: Mar 31st, 2021
1. History & Team (Weight 20%; Score 25)
1.1 Project age (8%; 50)
Launched on mainnet from 2020 September, alive for 7 months.
1.2 Past exploits (8%; 0)
Was attacked twice
1.3 Team anonymity (2%; 30)
Team are anonymous
1.4 Team experience in programming (2%; 20)
Unknown
2. Exposure (Weight 25%; Score 76.4)
2.1 Historical TVL (17.5%; 72)
Average market share in the past 3Q: 8.1%, 6.2%, 6.0%
Data collected from SushiSwap
2.2 Industry segment (5%; 90)
SushiSwap is an exchange
2.3 Infrastructure (2.5%; 80)
No oracle needed for price feed
3. Audit (Weight 35%; Score 90)
Audit report available on: GitHub - quantstamp/sushiswap-security-review and publications/PeckShield-Audit-Report-SushiSwap-v1.0.pdf at master · peckshield/publications · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 70)
Audited by PeckShield and Quantstamp, Tier 2 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues found in audit
3.4 Other credits (up to additive 5.25%; 5)
Core smart contracts audited by multiple firms
4. Code quality (Weight 15%; Score 30)
Repository on github: GitHub - sushiswap/sushiswap: Sushiswap smart contracts 🍣 📝
4.1 Documentation
Documentation is not clear
4.2 Test
Test done but code coverage not visible
5. Developer community (Weight 5%; Score 85.5)
5.1 Bug bounty program (3.5%; 90)
Exists. Reward up to $150,000
5.2 Issues raised on Github (1.5%; 75)
8 issues raised on github repository
The N-SCOSS for Compound is 64.375, level 2