N-SCOSS Rating

To provide reference on Nsure’s underwriting and it’s adjacent approach on our nouvelle rating mechanism, we are here to introduce Nsure Smart Contract Overall Security Score (N-SCOSS) to help participants better understanding the underlying risk of each project listed on Nsure.

You may have already noticed the Security Rating assigned to each project on our Alpha Underwriting section. The grading of this Security Rating is based on N-SCOSS

I. Overview

N-SCOSS is a score from 0 to 100 measuring the code security based on five perspectives which are correlated to either the likelihood of an occurrence of a hack, bug or exploit (hereafter "attack event") or the severity of an attacking event. A higher N-SCOSS Rating reflects a rather secure evaluation result on a project’s safety based on our assessment standard. These perspectives are the key components of N-SCOSS, therefore named "Pillars", symbolised by Ni. These pillars are further subdivided into several separately analysed rating factors, symbolised by Ni,j. Weights are assigned to each pillar and each rating factor to quantify its relevance towards the code’s security.

Below is the exact formula for calculating N-SCOSS.

Methodology

A selection of factor groups logically impacting the code security was first selected. By mapping historical hack events data to those selected rating factors, we are able to analyze whether they are correlated or not. Only those significantly correlated factors are included in the calculation of N-SCOSS.

III. Five Pillars

The five pillars and their sub-factors composing N-SCOSS are as below.

Pillar One – History & Team

  • Project age

  • Past exploits (if any)

  • Team anonymity

  • Team experience in programming

Pillar Two – Exposure

  • Total value locked

  • Industry segment

  • Infrastructure

Pillar Three – Audit

  • Audit transparency and scope

  • Audit findings

  • Audit firm trust score

  • Other credits

Pillar Four – Code quality

  • Documentation

  • Test

Pillar Five – Developer Community

  • Bug bounty program

  • Issues raised on Github

IV. Future improvement

  1. To include adjustment factor

A Comprehensive Adjustment between -0.2 to +0.2, symbolised by , is to be included in N-SCOSS to credit for strengthening or penalising the weakness/robustness that may not have been captured within the 5-pillar structure. This may result due to innovation or increase in complexity on the average protocol complexity over time.

  1. Data & Parameter calibration

Currently, we've been using data from reliable sources such as SlowMist Hack Zone, DeBank & DefiPulse, to mention some of the sources in the correlation study and parameter (weight) calibration. It is intended to have set up an automatic data feed into the rating model via external data aggregation, minimising manual interference. The purpose of doing so is to minimise centralised judgement and to make N-SCOSS an auto-generated indicator on Nsure dashboard for users' reference.