To provide reference on Nsure’s underwriting and its adjacent approach on our rating mechanism, we are here to introduce Nsure Smart Contract Overall Security Score (N-SCOSS) to help participants better understanding the underlying risk of each project listed on Nsure.
You may have already noticed the Security Rating assigned to each project on our Alpha Underwriting section. The grading of this Security Rating is based on N-SCOSS.
N-SCOSS is a score from 0 to100 measuring the code security based on five perspectives which are correlated to either the likelihood of an occurrence of a hack, bug or exploit (hereafter “attacking event”) or its severity. A higher N-SCOSS Rating reflects a rather secure evaluation result on a project’s safety based on our assessment standard. These perspectives are the key components of N-SCOSS, therefore named “Pillars”, symbolised by N_i. These pillars are further subdivided into several separately analysed rating factors, symbolised by N_(i,j). Weights are assigned to each pillar and each rating factor to quantify its relevance towards the code’s security.
Below is the exact formula for calculating N-SCOSS.
A selection of factor groups logically impacting the code security was first selected. By mapping historical hack events data to those selected rating factors, we are able to analyse whether they are correlated or not. Only those significantly correlated factors are included in the calculation of N-SCOSAS.
III. Five Pillars
The five pillars and their sub-factors composing N-SCOSAS are as below.
Pillar One — History & Team
- Project age
- Past exploits (if any)
- Team anonymity
- Team experience in programming
Pillar Two — Exposure
- Total value locked
- Industry segment
Pillar Three — Audit
- Audit transparency and scope
- Audit findings
- Audit firm trust score
- Other credits
Pillar Four — Code quality
Pillar Five — Developer Community
- Bug bounty program
- Issues raised on Github
1. To include adjustment factor
A Comprehensive Adjustment between -0.2 to +0.2, symbolised in the formula as A_1, is to be included in N-SCOSAS to credit for strengthening or penalising the weakness/robustness that may not have been captured within the 5-pillar structure. This may result due to innovation or increase in complexity on the average protocol complexity over time.
2. Data & Parameter calibration
Currently, we’ve been using data from reliable sources such as SlowMist Hack Zone, DeBank & DefiPulse, to mention some of the sources in the correlation study and parameter (weight) calibration. It is intended to have set up an automatic data feed into the rating model via external data aggregation, minimising manual interference. The purpose of doing so is to minimise centralised judgement and to make N-SCOSAS an auto-generated indicator on Nsure dashboard for users’ reference.
If you would like to read more about out mission, vision and values:
Or follow our latest moves on:
Official Twitter: https://twitter.com/Nsure_network
Nsure 中文群: https://t.me/NsureCN
For private inquiries or collaborations, please DM any of our admins or contact contact@Nsure.network