Security Rating Level: 4
Evaluation Date: September 20th, 2021
1. History & Team (Weight 20%; Score 75)
1.1 Project age (8%; 50)
Launched on mainnet from 2021 May, alive for 8 months.
1.2 Past exploits (8%; 100)
In the past 12 months, Uniswap v3 has not been attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 50)
Lead engineer started software proramming from 2016
2. Exposure (Weight 25%; Score 73.6)
2.1 Historical TVL (17.5%; 68)
Average market share in the past 3Q: 6.0%, 6.3%, 7.3%
Data collected from Uniswap Protocol: TVL and stats - DefiLlama
2.2 Industry segment (5%; 90)
Uniwap is an exchange
2.3 Infrastructure (2.5%; 80)
No oracle needed for price feed
3. Audit (Weight 35%; Score 83)
Audit report available on: v3-core/audits at main · Uniswap/v3-core · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 70)
Audited by ABDK and Trail of Bits, Tier 2 audit firm
3.3 Audit findings (10.5%; 40)
Critical issues were found in audit (by Trail of Bits)
3.4 Other credits (up to additive 5.25%; 10)
Core smart contracts audited by multiple firms. Audit done before deployment
4. Code quality (Weight 15%; Score 85)
Repository on github: GitHub - Uniswap/v3-core: 🦄 🦄 🦄 Core smart contracts of Uniswap v3
4.1 Documentation
Top level documentation is detailed and clear.Minimal comments in explaining how the code connects to the oriented functions.
4.2 Test
Full test suite exists but code coverage not visible
5. Developer community (Weight 5%; Score 100)
5.1 Bug bounty program (3.5%; 100)
Exists. Reward up to $500,000
5.2 Issues raised on Github (1.5%; 100)
197 issues raised on github repository
The N-SCOSS for Compound is 80.2, level 4