To provide a reference on Nsure’s underwriting and its adjacent approach to our novel rating mechanism, we introduce the Nsure Smart Contract Overall Security Score (N-SCOSS) to help participants better understand the underlying risk of each project listed on Nsure.
You may have already noticed the Security Rating assigned to each project in our Alpha Underwriting section. The grading of this Security Rating is based on N-SCOSS.
N-SCOSS is a score from 0 to 100 measuring code security from five perspectives, each correlated with either the likelihood of a hack, bug or exploit (hereafter "attack event") or the severity of an attack event. A higher N-SCOSS rating reflects a more secure evaluation of a project’s safety under our assessment standard. These perspectives are the key components of N-SCOSS and are therefore named "Pillars", symbolised by $N_i$. The pillars are further subdivided into several separately analysed rating factors, symbolised by $N_{i,j}$. Weights are assigned to each pillar and each rating factor to quantify its relevance to the code’s security.
Below is the exact formula for calculating N-SCOSS.
A set of factor groups that logically affect code security was first selected. By mapping historical hack event data to those rating factors, we can analyse whether they are correlated. Only significantly correlated factors are included in the calculation of N-SCOSS.
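The factor-selection step described above can be sketched as follows. This is an added example, not Nsure's code: the project data is constructed, the function names are hypothetical, and the choice of point-biserial correlation, an exact permutation test and a 0.05 significance level are assumptions, since the page names no statistic or threshold.

```python
from itertools import combinations
from math import sqrt

# Constructed sample data (not Nsure's): one column entry per project.
# Factor names echo two sub-factors listed on the page; the values are invented.
PROJECTS = {
    "hacked":           [1, 1, 1, 1, 0, 0, 0, 0, 0, 0],
    "audit_firm_trust": [1, 2, 2, 3, 6, 7, 8, 8, 9, 9],
    "github_issues":    [5, 9, 2, 7, 4, 8, 3, 6, 1, 10],
}
ALPHA = 0.05  # assumed significance level; the page does not state one

def pearson(xs, ys):
    """Pearson r; with a 0/1 ys this is the point-biserial correlation."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sqrt(sum((x - mx) ** 2 for x in xs))
    sy = sqrt(sum((y - my) ** 2 for y in ys))
    if sx == 0 or sy == 0:  # a constant column carries no signal
        return 0.0
    return cov / (sx * sy)

def exact_p_value(xs, hacked):
    """Two-sided exact permutation test: reassign the 'hacked' labels in every
    possible way and count how often |r| is at least as large as observed."""
    n, k = len(xs), sum(hacked)
    observed = abs(pearson(xs, hacked))
    hits = total = 0
    for chosen in combinations(range(n), k):
        labels = [1 if i in chosen else 0 for i in range(n)]
        hits += abs(pearson(xs, labels)) >= observed - 1e-12
        total += 1
    return hits / total

def select_factors(data, alpha=ALPHA):
    """Return {factor: (r, p)} for factors significantly correlated with attack events."""
    hacked = data["hacked"]
    kept = {}
    for name, xs in data.items():
        if name == "hacked":
            continue
        r, p = pearson(xs, hacked), exact_p_value(xs, hacked)
        if p < alpha:
            kept[name] = (r, p)
    return kept
```

On the constructed data, `select_factors(PROJECTS)` keeps only `audit_firm_trust`; `github_issues` shows no significant relationship with the attack flag and is dropped.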
III. Five Pillars
The five pillars and the sub-factors composing N-SCOSS are listed below.
Pillar One – History & Team
Past exploits (if any)
Team experience in programming
Pillar Two – Exposure
Total value locked
Pillar Three – Audit
Audit transparency and scope
Audit firm trust score
Pillar Four – Code quality
Pillar Five – Developer Community
Bug bounty program
Issues raised on GitHub
IV. Future improvement
To include adjustment factor
A Comprehensive Adjustment between -0.2 and +0.2, symbolised by , is to be included in N-SCOSS to credit strengths or penalise weaknesses that may not have been captured within the five-pillar structure. Such gaps may arise from innovation or from an increase in average protocol complexity over time.
Data & Parameter calibration
Currently, we use data from reliable sources, SlowMist Hack Zone, DeBank and DefiPulse among them, in the correlation study and parameter (weight) calibration. We intend to set up an automatic data feed into the rating model via external data aggregation, minimising manual interference. The purpose is to minimise centralised judgement and to make N-SCOSS an auto-generated indicator on the Nsure dashboard for users' reference.