Security Score
Project security checklist
Answer each item and a weighted 0-100 score is calculated in real time. Unanswered items count as zero, so a complete checklist is needed for a reliable result.

Smart contract audits
Evaluates whether external security audits exist and how rigorous they are.
What is the highest-tier firm that has audited this project?
Number of audit reports from different firms.
Time since the most recent audit covering deployed code.
PDF reports are accessible at a public, unrestricted location.
All reported Critical/High findings are fixed or explicitly accepted.

Code quality
Engineering maturity: tests, documentation, formal verification.
Line and branch coverage levels.
Production contract source is in a public repository.
Source is verified on Etherscan or equivalent.
Core invariants verified with Certora, K, Halmos, or similar tools.
Repository contains Foundry or Echidna invariant tests.

Operational security
Admin keys, upgrade paths, timelocks, and operational controls.
Admin keys are operated through a multisig such as Safe.
Admin actions are gated through a timelock.
Whether and how the contracts can be upgraded.
Critical functions support a pause or circuit breaker.
Real-time monitoring via Forta, Tenderly, Phalcon, or similar.

Bug bounty
Size and operation of external whitehat incentives.
Where the official bug bounty program runs.
Top payout for a Critical issue.
Scope, severity rules, and PoC requirements are documented.

Decentralization & dependencies
Oracle, bridge, and governance dependency risks.
Safety and diversity of price feeds.
Token power distribution, proposal periods, and quorum.
Whether external bridges sit in the critical fund flow.

Incident response
Incident history and response transparency.
History of significant fund loss.
Explicit policy committing to publishing incident postmortems.
Documented 24/7 security contact channel and SLA.