Introduction to N-SCOSS Rating

To give participants a reference for Nsure's underwriting and the rating mechanism that accompanies it, we are introducing the Nsure Smart Contract Overall Security Score (N-SCOSS), which helps participants better understand the underlying risk of each project listed on Nsure.
You may have already noticed the Security Rating assigned to each project in our Alpha Underwriting section. The grading of this Security Rating is based on N-SCOSS.

I. Overview

N-SCOSS is a score from 0 to 100 that measures code security from five perspectives, each correlated with either the likelihood of a hack, bug or exploit (hereafter “attacking event”) or its severity. A higher N-SCOSS Rating reflects a more secure evaluation result for a project under our assessment standard. These perspectives are the key components of N-SCOSS and are therefore named “Pillars”, symbolised by N_i. The pillars are further subdivided into separately analysed rating factors, symbolised by N_(i,j). Weights are assigned to each pillar and each rating factor to quantify its relevance to the code's security.

II. Methodology

A group of factors that logically impact code security was first selected. By mapping historical hack event data to the selected rating factors, we can analyse whether they are correlated. Only significantly correlated factors are included in the calculation of N-SCOSS.

III. Five Pillars

The five pillars and their sub-factors that make up N-SCOSS are listed below.

  • Past exploits (if any)
  • Team anonymity
  • Team experience in programming
  • Industry segment
  • Infrastructure
  • Audit findings
  • Audit firm trust score
  • Other credits
  • Test
  • Issues raised on Github

IV. Future improvement

1. To include an adjustment factor
A Comprehensive Adjustment between -0.2 and +0.2, symbolised in the formula as A_1, is to be included in N-SCOSS to credit robustness or penalise weakness that may not have been captured within the 5-pillar structure. Such gaps may arise from innovation or from an increase in average protocol complexity over time.
