This document describes how a Smart Contract Security Score (SCSS) is defined.

What is a Smart Contract Security Score (SCSS)?

The SCSS is a score from 1 to 10 that describes how secure a Smart Contract is.

Smart Contracts should always aim for 10, but in some cases that is not possible. Make sure your Smart Contract scores at least 7; at that score you can consider it a Low Risk Smart Contract.

Note that the SCSS can be greater than 10. 10 is the symbolic value for a Secure Smart Contract. If your Smart Contract has an SCSS greater than 10, well done! You have an extremely secure Smart Contract.

In the same way, the SCSS can be negative (less than 0). If your Smart Contract has a negative SCSS, your contract will probably be hacked.

How is the SCSS Calculated?

The SCSS is calculated from the following questions and answers:

Is the contract code Open Source?

Yes: +1 Points

No: -3 Points

Is the contract verified on Explorers?

Yes: +0.5 Points

No: -1 Point

Is the Smart Contract Audited?

Yes: +2 Points

No: -2 Points

How Many Audits?

+0.2 Points per Audit

Is the Smart Contract in a Bug Bounty program?

Yes: +1 Point

No: -1 Point

What's the max Bounty USD Value?

$1,000,000: +0.5 Points

$500,000: +0.3 Points

$200,000: +0.2 Points

$100,000: +0.1 Points

Are the devs known?

Yes: +0.5 Points

Does the smart contract have access controls?

Is the Admin a separate wallet used only for this role?

No: -0.2

Is the admin a multi-sig wallet?

No: -0.5

Are at least 3 signers needed to perform admin transactions?

No: -0.2 Points

Is each role a separate wallet?

No: -0.2 Points per role

Is each role a multi-sig wallet?

No: -0.3 Points per role

Are at least 3 signers needed to perform a role transaction?

No: -0.1 Points per role

Can any role withdraw other users' liquidity from the Contract?

Yes: -1 Point

Does the Smart Contract use any 3rd Party Smart Contracts?

Is the 3rd Party Smart Contract from a famous web3 protocol?

Yes: +0.2 Points

Is the 3rd Party Smart Contract audited?

No: -0.5 Points

Is there any situation in which this 3rd Party Smart Contract can exploit the Smart Contract?

Yes: -2

Does the Smart Contract use price Oracles?

Is a liquidity pool price oracle used?

Yes: -3

Does the Smart Contract have a test suite?

Yes: +2

No: -5

Does the Smart Contract have unit tests?

Yes: +1

No: -1

Does the Smart Contract have Fuzz tests?

Yes: +1

No: -1

Does the Smart Contract have Invariant tests?

Yes: +1

Does the Smart Contract have Integration tests?

Yes: +1

Does the Smart Contract run tests in a forked environment?

Yes: +0.5

How long has this Smart Contract been deployed?

1 year: +2 Points

< 1 year: +1 Point

< 6 months: +0.5 Points

< 3 months: -0.2 Points

< 1 month: -0.5 Points
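
The rubric above expressed as a calculator, as an added example that is not part of the original document. It assumes the score starts at 0, that sub-questions are scored only when their parent question is answered yes, that a bounty tier applies when the maximum bounty is at least that value, and that deployment age uses the narrowest matching bracket; all key names are hypothetical.

```python
# Added example, not from the original page: SCSS calculator for the rubric above.
# Assumptions: score starts at 0; sub-questions count only when the parent answer
# is yes; bounty tiers mean "at least"; age resolves to the narrowest bracket.
FLAT = {  # answer key (hypothetical name): (points if yes, points if no)
    "open_source": (1, -3), "verified": (0.5, -1), "bug_bounty": (1, -1),
    "known_devs": (0.5, 0), "test_suite": (2, -5), "unit_tests": (1, -1),
    "fuzz_tests": (1, -1), "invariant_tests": (1, 0),
    "integration_tests": (1, 0), "forked_tests": (0.5, 0)}
ACCESS = {"admin_dedicated": (0, -0.2), "admin_multisig": (0, -0.5),
          "admin_3_signers": (0, -0.2), "role_can_withdraw": (-1, 0)}
THIRD = {"tp_famous": (0.2, 0), "tp_audited": (0, -0.5), "tp_can_exploit": (-2, 0)}
ROLE_NO = {"separate_wallet": -0.2, "multisig": -0.3, "min_3_signers": -0.1}

def _points(table, a):
    # a[k] raises KeyError on a missing answer instead of guessing a favourable one
    return sum(yes if a[k] else no for k, (yes, no) in table.items())

def scss(a):
    s = _points(FLAT, a)
    s += 2 + 0.2 * a["audits"] if a["audits"] > 0 else -2
    if a["bug_bounty"]:  # highest bounty tier reached, if any
        s += next((p for floor, p in ((1_000_000, 0.5), (500_000, 0.3),
                  (200_000, 0.2), (100_000, 0.1)) if a["max_bounty_usd"] >= floor), 0)
    if a["access_controls"]:
        s += _points(ACCESS, a)
        # per-role penalties: one entry in a["roles"] per non-admin role
        s += sum(p for r in a["roles"] for k, p in ROLE_NO.items() if not r[k])
    if a["third_party"]:
        s += _points(THIRD, a)
    if a["oracles"] and a["lp_price_oracle"]:
        s -= 3
    s += next((p for limit, p in ((1, -0.5), (3, -0.2), (6, 0.5), (12, 1))
               if a["months_deployed"] < limit), 2)  # 12 months or more: +2
    return round(s, 1)

def is_low_risk(score):
    return score >= 7  # the page's threshold for a Low Risk Smart Contract

# Constructed sample answers for a hypothetical contract
SAMPLE = {
    "open_source": True, "verified": True, "audits": 2, "bug_bounty": True,
    "max_bounty_usd": 250_000, "known_devs": True, "access_controls": True,
    "admin_dedicated": True, "admin_multisig": True, "admin_3_signers": False,
    "role_can_withdraw": False,
    "roles": [{"separate_wallet": True, "multisig": False, "min_3_signers": False}],
    "third_party": True, "tp_famous": True, "tp_audited": True,
    "tp_can_exploit": False, "oracles": True, "lp_price_oracle": False,
    "test_suite": True, "unit_tests": True, "fuzz_tests": True,
    "invariant_tests": False, "integration_tests": True, "forked_tests": False,
    "months_deployed": 8}
print(scss(SAMPLE), is_low_risk(scss(SAMPLE)))
```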