# Protocol Rating and Score
The Protocol Score is a security evaluation metric ranging from 0 to 100, used to assess how well a protocol is safeguarded against various risks. The score is based on eight metrics grouped into four key categories:
# Categories Evaluated
- Security Infrastructure: Evaluates the protocol’s defenses against exploitation.
- Code: Assesses code complexity and size, both of which can impact security and maintainability.
- Centralization: Looks at whether any individuals or entities have significant control over users’ funds.
- User Ratings: Captures the general sentiment and trust level from the public.
# Scoring Methodology
Post-Audit Code Changes: If the codebase has been modified within six months after an audit: –20 points
Audit Coverage: If the protocol has been audited by more than two independent firms: +15 points
Code Complexity and Size:
- Average complexity across all contracts is rated on a scale of 0–20.
- Codebase size reduces the score from 20 to 0 as it grows, with every additional 1,000 lines lowering the score.
- The final Code Score is the average of the complexity and size ratings: 0–20 points
Vulnerabilities Identified During Audits:
- Starts at 20 points.
- For every 5 high or medium-severity issues per 1,000 lines of code, the score decreases linearly.
- The first 5 issues per 1,000 lines are acceptable; each additional set reduces the score.
Centralization Score: This score is added to the total (see “Centralization Scoring Method” for details).
User Rating: Based on a 0–5 scale reflecting community sentiment. If no user data is available, a default score of 5 is applied.
# Final Score
The Protocol Score is the sum of all evaluated components. A score of 100 represents a protocol that has implemented all essential cybersecurity best practices.
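The scoring rules above combined into one calculation, as an added example that is not the rating provider's own code. The page does not state how many points each 1,000 lines or each extra set of 5 issues costs, so `SIZE_STEP` and `VULN_STEP` are assumed values, the field and function names are hypothetical, and the centralization score is taken as an input.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed step sizes: the page gives the 0-20 ranges but not these values.
SIZE_STEP = 1.0   # points lost per full 1,000 lines of code (assumption)
VULN_STEP = 5.0   # points lost per extra set of 5 issues per 1,000 lines (assumption)

@dataclass
class Protocol:
    changed_within_6_months_of_audit: bool
    audit_firms: int
    avg_complexity_rating: float      # already on the page's 0-20 scale
    lines_of_code: int
    high_medium_issues: int
    centralization_score: float       # from the separate centralization method
    user_rating: Optional[float]      # 0-5, or None when no user data exists

def clamp(value, low, high):
    return max(low, min(high, value))

def code_score(p):
    # Size rating falls from 20 towards 0 as the codebase grows.
    size_rating = clamp(20 - SIZE_STEP * (p.lines_of_code // 1000), 0, 20)
    return (clamp(p.avg_complexity_rating, 0, 20) + size_rating) / 2

def vulnerability_score(p):
    if p.lines_of_code <= 0:
        return 20.0
    density = p.high_medium_issues / (p.lines_of_code / 1000)  # issues per 1,000 lines
    extra_sets = max(0.0, density - 5) / 5   # the first 5 per 1,000 lines are acceptable
    return clamp(20 - VULN_STEP * extra_sets, 0, 20)

def protocol_score(p):
    total = 0.0
    if p.changed_within_6_months_of_audit:
        total -= 20
    if p.audit_firms > 2:                    # "more than two", so exactly 2 earns nothing
        total += 15
    total += code_score(p) + vulnerability_score(p) + p.centralization_score
    total += 5 if p.user_rating is None else clamp(p.user_rating, 0, 5)
    return clamp(total, 0, 100)

if __name__ == "__main__":
    # Constructed sample input, not data from any real protocol.
    sample = Protocol(False, 3, 12, 4000, 8, 30, None)
    print(protocol_score(sample))
```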
# Protocol Rating
The Protocol Rating provides an easier way to read the Protocol Score. Ratings start at AAA for the best and end with C for the worst.