Security Rating Level: 5
Evaluation Date: September 30th, 2021

1. History & Team (Weight 20%; Score 92)

1.1 Project age (8%; 80)
Launched on Polygon in 2021 March, alive for 7 months.
1.2 Past exploits (8%; 100)
Never got Attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 100)
Full stack blockchain developer, started software engineering from 2011

2. Exposure (Weight 25%; Score 85.5)

2.1 Historical TVL (17.5%; 90)
Average market share in the past 2Q: 37.5%, 50.4%
Data collected from DeBank | DeFi Wallet for Ethereum Users
2.2 Industry segment (5%; 80)
AAVE is a lending protocol
2.3 Infrastructure (2.5%; 65)
Use single decentralised oracle to feed price, no sanity check

3. Audit (Weight 35%; Score 97)

Audit report available on: Security & Audits - Developers
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 100)
Audited by MixBytes, PeckShield, Certik and Consensys Diligence, Tier 1 audit firm
3.3 Audit findings (10.5%; 40)
Critical issues found in audit, but all fixed by team
3.4 Other credits (up to additive 5.25%; 15)
Core smart contracts audited by multiple firms, Formal verification done, audit done before employment

4. Code quality (Weight 15%; Score 95)

Repository on github: GitHub - aave/protocol-v2: Aave Protocol V2
4.1 Documentation
Good documentation, clear comments and tracebility
4.2 Test
Test done but code coverage not visible

5. Developer community (Weight 5%; Score 100)

5.1 Bug bounty program (3.5%; 100)
Exists. Reward up to $250,000
5.2 Issues raised on Github (1.5%; 100)
35 issues raised on github repository

The N-SCOSS for Compound is 92.975, level 5