Security Rating Level: 4
Evaluation Date: September 30, 2021

1. History & Team (Weight 20%; Score 92)

1.1 Project age (8%; 80)
Launched on Polygon in 2021 April, alive for 6 months.
1.2 Past exploits (8%; 100)
Never got Attacked
1.3 Team anonymity (2%; 100)
Team are public
1.4 Team experience in programming (2%; 100)
CEO, Michael Egorov, started software engineering from 2007

2. Exposure (Weight 25%; Score 76.4)

2.1 Historical TVL (17.5%; 72)
Average market share in the past 2Q: 9.1%, 11.6%
Data collected from DeBank | DeFi Wallet for Ethereum Users
2.2 Industry segment (5%; 90)
Curve is an exchange
2.3 Infrastructure (2.5%; 80)
No oracle needed for price feed

3. Audit (Weight 35%; Score 90)

Audit report available on: Curve.fi
3.1 Transparency and scope (14%; 100)
Full scope audit, and report is public
3.2 Audit firm trust score (10.5%; 70)
Audited by Trail of Bits and Quantstamp, Tier 2 audit firm
3.3 Audit findings (10.5%; 80)
No critical issues found in audit
3.4 Other credits (up to additive 5.25%; 5)
Audit done before deployment

4. Code quality (Weight 15%; Score 50)

Repository on github: GitHub - curvefi/curve-contract: Vyper contracts used in Curve.fi exchange pools.
4.1 Documentation
Documentation is not clear
4.2 Test
Test done but code coverage not visible

5. Developer community (Weight 5%; Score 83)

5.1 Bug bounty program (3.5%; 80)
Exists. Reward up to $50,000
5.2 Issues raised on Github (1.5%; 90)
9 issues raised on github repository

The N-SCOSS for Compound is 80.65, level 4