Security Rating Level: 4
Evaluation Date: September 30th, 2021

1. History & Team (Weight 20%; Score 76)

1.1 Project age (8%; 60)
Launched on Polygon in 2021 May, alive for 5 months.
1.2 Past exploits (8%; 100)
Was never attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 20)
Unknown

2. Exposure (Weight 25%; Score 53.9)

2.1 Historical TVL (17.5%; 42)
Average market share in the past 1Q: 3.3%
Data collected from DeBank | DeFi Wallet for Ethereum Users
2.2 Industry segment (5%; 90)
Balancer is an exchange
2.3 Infrastructure (2.5%; 65)
Oracle is needed for price feed (Chainlink), a decentralised single oracle

3. Audit (Weight 35%; Score 92)

Audit report available on: balancer-v2-monorepo/audits at master · balancer-labs/balancer-v2-monorepo · GitHub
3.1 Transparency and scope (14%; 100)
Full scope audit done, and report is public
3.2 Audit firm trust score (10.5%; 100)
Audited by OpenZepplin, Trail of Bits and Certora, Tier 1 audit firm
3.3 Audit findings (10.5%; 40)
Critical issues were found in audit
3.4 Other credits (up to additive 5.25%; 10)
Core smart contracts audited by multiple firms, audit done before deployment

4. Code quality (Weight 15%; Score 95)

Repository on github: GitHub - balancer-labs/balancer-v2-monorepo: Balancer V2 Monorepo
4.1 Documentation
Top level documentation exists and is very clear. Sufficient and detailed comments in explaining how the code connects to the oriented functions
4.2 Test
Full test suite exists., 96% code coverage

5. Developer community (Weight 5%; Score 88)

5.1 Bug bounty program (3.5%; 100)
Exists. Reward up to $2,000,000
5.2 Issues raised on Github (1.5%; 100)
40 issues raised on github repository

The N-SCOSS for Compound is 80.125, level 4