Layer 1 Protocol Eligibility
Operational risk
1. Audit
An essential factor in security assessment is whether the programming instructions function correctly, because malfunctioning instructions can cause colossal damage. The programming instructions therefore need to be audited and verified by programming experts.
In general, after the auditing process has been completed, the auditor will list out some critical issues found in the programming instructions. If the developer has fixed these issues, the auditor will report the results to the investors and the public. Unfortunately, in some very rare cases, the developer does not fix the problems correctly. This usually makes the protocol less reliable.
The ability and reputation of auditors are also critical. Being audited by trusted auditors can reduce security risks. We prepare the auditor credibility assessment by comparing the number of protocols each auditor has audited and selecting only the top 5 auditors. So that the assessment reflects audit quality and not only the number of audits, we count only protocols in the top 40 by total value locked.
This table shows the number of audited protocols by each auditor.
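| Rank | Auditor | Number of audited protocols |
|---|---|---|
| 1 | CertiK | 17 |
| 2 | Trail of Bits | 10 |
| 3 | PeckShield Inc | 7 |
| 4 | ConsenSys Diligence | 6 |
| 5 | OpenZeppelin | 4 |
| 6 | Slowmist | 4 |
| 7 | MixBytes | 4 |
| 8 | Hacken | 3 |
| 9 | Quantstamp | 3 |
| 10 | Chain security | 2 |
| 11 | Víðarr the Auditor | 2 |
| 12 | Osorio | 1 |
| 13 | Haechi | 1 |
| 14 | ZeroPool | 1 |
| 15 | ADBK | 1 |
| 16 | Least Authority | 0 |
| 17 | Runtime Verification | 0 |
| 18 | Quantstamp | 0 |
| 19 | Solidified | 0 |
| 20 | Solidity Finance | 0 |
| 21 | QuillAudits | 0 |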
From the table, the top 5 auditors are CertiK, Trail of Bits, PeckShield Inc, ConsenSys Diligence, and OpenZeppelin.
Additionally, some auditors also offer online monitoring services to ensure the reliability of the system.
This factor will be assessed by the number of unfixed issues and the credibility of the auditors, as shown below.
| Score | Criteria |
|---|---|
| 5 | Being audited by a credible auditor and monitored at all times with less than two unfixed issues |
| 4 | Being audited by a credible auditor with less than two unfixed issues |
| 3 | Being audited by a credible auditor with more than two unfixed issues |
| 2 | Being audited by other auditors with less than two fixed issues |
| 1 | Being audited by other auditors with more than two unfixed issues |
| 0 | No auditing |
2. Maturity Eligibility
Assessing the usage period allows us to evaluate how robust the protocol's design and structure are against market conditions and real users. For example, a protocol that has been in use for an extended period is likely to be more reliable than one with a shorter usage period.
Therefore, this factor will be assessed by counting the number of months from the launch date to the assessment date according to the table below.
| Score | Criteria |
|---|---|
| 5 | More than or equal to 12 months |
| 4 | More than or equal to 6 months |
| 3 | More than or equal to 3 months |
| 2 | More than or equal to 2 months |
| 1 | More than or equal to 1 month |
| 0 | Less than 1 month |
3. Governance Eligibility
The authority to control the system is one of the most important factors we need to consider. In general, blockchain transactions are very secure because of their immutability. However, the programming instructions in the protocol can be updated. This can make the protocol vulnerable to fraud even if credible auditors have audited it.
System control authorization takes two forms: centralized and decentralized. The decentralized structure is the most secure because any change to the programming instructions has to be voted on by the community before it is applied. In contrast, under the centralized form the developer can update the instructions without a community vote. However, some protocols raise investors' confidence by adding measures such as a time lock before updating, an announcement before updating, and decentralized control over some critical parts.
We can rate this factor based on system control authorization and its additional measures, as shown below.
| Score | Criteria |
|---|---|
| 5 | Decentralize in every part |
| 4 | Decentralize in some parts |
| 3 | Centralize with time lock longer than 24 hrs |
| 2 | Centralize with time lock shorter than 24 hrs |
| 1 | Centralize with an updating announcement in advance |
| 0 | Centralize without any updating announcement in advance |
Financial Risk
1. Total Value Locked
In general, to obtain returns from DeFi, such as through liquidity providing or yield farming, investors have to stake or lock their own capital/assets with the protocol. The total value locked allows us to assess the security and suitability of the investment. The greater the real value locked, the lower the chance that market manipulation can occur. A higher value locked can also support more fund flow in the system.
We can rate this factor based on the total value locked in US dollars, as shown below.
| Score | Criteria |
|---|---|
| 5 | Greater than or equal to 10.0 Billion USD |
| 4 | Greater than or equal to 5.0 Billion USD |
| 3 | Greater than or equal to 2.0 Billion USD |
| 2 | Greater than or equal to 1.0 Billion USD |
| 1 | Greater than or equal to 500 Million USD |
| 0 | Less than 500 Million USD |
2. Incidents of Attack
Fraud and theft risk is another common risk in the DeFi system. These attacks come in different forms and are unpredictable. However, we can look at them from 2 different aspects: the point of attack and the vulnerability pattern.
Currently, many DeFi protocols work with other protocols, either under clear terms and conditions between the developers (collaborative) or in aggregate form. These interactions can make the protocol's functions more complicated and very hard for experts to analyze. In some cases, an attack on one protocol can cause enormous damage and also affect other protocols. Therefore, the point of attack can be categorized as either a direct attack or an indirect attack through a relevant protocol.
Vulnerabilities can be broken down into three categories based on the level of damage: vulnerability from system design, programming vulnerability, and data breach vulnerability. A vulnerability from system design can come from an imprecise economic structure design in the protocol, which lets the attacker perform an economic attack that causes damage to the asset holders. A programming vulnerability comes from bugs in the system, which the attacker can use to carry out an attack. A data breach vulnerability comes from inadequate data protection: attackers can gain unauthorized access to data and use it for later attacks.
As shown below, we can rate this factor based on the attack points and vulnerabilities in the past three months.
| Score | Criteria |
|---|---|
| 5 | Never been attacked |
| 4 | Economic attack on relevant protocols |
| 3 | Being attacked through bugs or data breaches on relevant protocols |
| 2 | Economic attack on the protocol |
| 1 | Being attacked through bugs on the protocol |
| 0 | Being attacked through data breaches on the protocol |
Adoption
1. Transaction Number
Assessing the protocol's transaction number allows us to evaluate its level of adoption. A high transaction number can indicate that more financial services are being used.
As shown in the table below, we can rate this factor by calculating the average daily transactions in the past one month and three months.
| Score | Average daily transactions (past one month) | Average daily transactions (past three months) |
|---|---|---|
| 5 | Greater than/equal to 1 Million transactions | Greater than/equal to 1 Million transactions |
| 4 | Greater than/equal to 500,000 transactions | Greater than/equal to 500,000 transactions |
| 3 | Greater than/equal to 100,000 transactions | Greater than/equal to 100,000 transactions |
| 2 | Greater than/equal to 50,000 transactions | Greater than/equal to 50,000 transactions |
| 1 | Greater than/equal to 10,000 transactions | Greater than/equal to 10,000 transactions |
| 0 | Less than 1 Million transactions | Less than 1 Million transactions |
2. Transaction value
Assessing transaction value allows us to analyze market participation from big investors and institutions. A high average transaction value can imply industry acceptance and may increase adoption.
As shown below, we can rate this factor by calculating the average daily transaction value for the past one month and three months.
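| Score | Average daily transaction value (past one month) | Average daily transaction value (past three months) |
|---|---|---|
| 5 | Greater than 1 Million USD | Greater than 1 Million USD |
| 4 | Greater than 500,000 USD | Greater than 500,000 USD |
| 3 | Greater than 100,000 USD | Greater than 100,000 USD |
| 2 | Greater than 50,000 USD | Greater than 50,000 USD |
| 1 | Greater than 10,000 USD | Greater than 10,000 USD |
| 0 | Less than 1 Million USD | Less than 1 Million USD |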
3. Stakers
Assessing the number of stakers allows us to evaluate the protocol's credibility. A high number of stakers can imply customer confidence and can lead to more adoption.
As shown below, we can rate this factor based on the number of stakers in the blockchain ecosystem (the same protocol can be in different blockchain ecosystems).
| Score | Criteria |
|---|---|
| 5 | Greater than or equal to 100,000 accounts |
| 4 | Greater than or equal to 50,000 accounts |
| 3 | Greater than or equal to 10,000 accounts |
| 2 | Greater than or equal to 5,000 accounts |
| 1 | Greater than or equal to 1,000 accounts |
| 0 | Less than 1,000 accounts |
We summarize all factors and sub-factors for asset selection and risk assessment below.