Security Rating Level: 3
Evaluation Date: May 25th, 2021

1. History & Team (Weight 20%; Score 45)

1.1 Project age (8%; 50)
Launched on mainnet from 2020 September, alive for 9 months.
1.2 Past exploits (8%; 50)
Was Attacked 1 time in 2021 April (~$1.8mil loss)
1.3 Team anonymity (2%; 30)
Team are anonymous
1.4 Team experience in programming (2%; 20)
As the team are anonymous, developers’ background is unknown

2. Exposure (Weight 25%; Score 85.5)

2.1 Historical TVL (17.5%; 85)
Average market share on BSC in the past 3Q: 44.5%, 41.9%, 47.6%
Data collected from DeBank | DeFi Wallet for Ethereum Users
2.2 Industry segment (5%; 90)
Pancake is an exchange protocol
2.3 Infrastructure (2.5%; 80)
No oracle required

3. Audit (Weight 35%; Score 73)

Audit report available on: CertiK Security Leaderboard - PancakeSwap
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 30)
Audited by Certik, Tier 3 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues found in audit
3.4 Other credits (up to additive 5.25%; 0)
No credit

4. Code quality (Weight 15%; Score 40)

Repository on github: GitHub - pancakeswap/pancake-farm
4.1 Documentation
No top level documentation exists. Minimal comments in explaining how the code connects to the oriented functions. Full test suite exists.
4.2 Test
Comprehensive test done, with code coverage 90%

5. Developer community (Weight 5%; Score 92.5)

5.1 Bug bounty program (3.5%; 100)
Exists. Reward up to $1,000,000
5.2 Issues raised on Github (1.5%; 75)
6 issues raised on github repository.

The N-SCOSS for Pancake Swap is 66.55, level 3