| Project | Security Maturity Level | Governance | Oracle | Last Review |
|---|---|---|---|---|
| Compound | Level 5 β | timelock | decentralized, community multisig oracle failover | Aug 12, 2021 |
| Aave | Level 5 β | timelock | decentralized, Aave team controls failover oracle | Aug 12, 2021 |
| MakerDAO MCD | Level 5 β | timelock | decentralized | Aug 18, 2021 |
| Uniswap v2 | Level 4 π’ | timelock | - | Aug 17, 2021 |
| SushiSwap | Level 4 π’ | offchain, multisig | - | Aug 17, 2021 |
| Yearn Finance | Level 4 π’ | offchain, multisig | - | Aug 17, 2021 |
| Bancor | Level 4 π’ | offchain, multisig | decentralized | Aug 17, 2021 |
| Synthetix | Level 4 π’ | council-based, delegated | decentralized | Aug 18, 2021 |
| Curve | Level 4 π’ | timelock, emergency multisig | decentralized | Aug 16, 2021 |
| ReflexerLabs | Level 3 π‘ | temp. gov, admin, multisig | decentralized | Aug 16, 2021 |
| Alchemix | Level 3 π‘ | multisig | - | Aug 16, 2021 |
| Convex Finance | Level 3 π‘ | multisig | - | Aug 16, 2021 |
| Idle Finance | Level 3 π‘ | timelock | decentralized | Aug 16, 2021 |
| UMA | Level 3 π‘ | timelock | optimistic oracle | Aug 16, 2021 |
| Argent | Level 3 π‘ | - | - | Aug 16, 2021 |
| Origin Dollar | Level 2 π | multisig | decentralized | Aug 18, 2021 |
This repository is for informational purposes only and does not constitute an offer to sell, a solicitation to buy, or a recommendation for any cover-related staking, nor does it constitute an offer to provide investment advisory or other services.
The resulting security maturity level is based on public information only. The maturity levels are structured similarly to the Capability Maturity Model with custom goals/requirements, which need to be fulfilled to reach a certain maturity level:
| Category | Level 1 π΄ | Level 2 π | Level 3 π‘ | Level 4 π’ | Level 5 β |
|---|---|---|---|---|---|
| Β Audits | - | Audits performed | Audits from reputable security companies or individuals | Multiple audits from reputable security companies or individuals | 1. Multiple audits from reputable security companies or individuals 2. Formal verification conducted |
| Bug Bounty | - | - | Bug bounty program in place | 1. Bug bounty program in place 2. Competitive payouts |
1. Bug bounty program in place 2. High payouts 3. Bug bounty submissions (if information public) |
| Value at Risk | - | >$1 million in the last 2 weeks | >$10 million for at least 1 month | >$100 million for at least 3 months | >$500 million for at least 6 months |