*Risk scores are separated into two categories: strategy-related and external protocol-related.*
*Strategy-related scores are intended to focus solely on the strategy implementation. While there may be indirect exposure to external protocols when evaluating these scores, the primary focus is on the strategy implementation itself.*
*External protocol-related scores directly target external protocols. While the strategy-related scores indirectly reference the external protocol, the responses are not directly related to the external protocol itself. Conversely, these scores fully concentrate on the external protocol.*
*In the case of multiple external protocols integrated with a strategy, each external protocol should be evaluated according to the risk scores, and the average will be the final score. For example, if a strategy involves depositing DAI to CurveLP and staking it in Convex, then both Convex and Curve should be evaluated accordingly.*
*All scores are intended to be filled objectively, so the metrics are chosen as objectively as possible. However, due to the uncertainty of potential strategies and external protocols, SAM can make exceptions and assign scores that do not strictly adhere to the scoring framework. In such cases, every score type has an optional text box, which SAM fills out to justify why the score is given as it is.*
*To assign scores, certain information is required, such as testing coverage and external protocol audits. This information should be initially provided by the strategist who writes the strategy, and then SAM will double-check whether the supplied information is correct or missing.*
### STRATEGY RELATED SCORES
### **reviewScore**
**Description:**
To have a unified reviewScore for both internal and external strategies, we assume that the strategist who wrote the strategy is either a Source of Trust (internal) or not (external). So every internal strategy always includes that 1 additional Source of Trust.
Together with all other Sources of Trust (SoTs) in this list:
- internal strategist wrote the strategy
- peer reviews
- expert peer reviews
- SAM security reviews
- SAM recurring security review
each item accounts for 1 SoT point, and any combination of these gives the number of SoTs a strategy has and thus the associated review score:
5 -> 1 SoT
4 -> 2 SoT
3 -> 3 SoT
2 -> 4 SoT
1 -> 5 SoT
### **testingScore**
**Description:**
The testing coverage of the strategy being evaluated. Note that there are no intermediate scores for this score. The reason is to incentivise strategists to aim for at least 80% testing coverage.
5 -> 80% or less
1 -> 100% or higher
### **complexityScore**
**Description:**
The sLOC count of the strategy being evaluated. Note that the strategy can be complex regardless of the sLOC. In such cases, SAM will provide a written justification for the score if needed.
5 -> 750+ sLOC
4 -> 450-600 sLOC
3 -> 300-450 sLOC
2 -> 150-300 sLOC
1 -> 0-150 sLOC
### **riskExposureScore**
**Description:**
This score aims to find out how much and how often a strategy can be subject to losses. Because such metrics are hard to evaluate, SAM will provide a written justification for the score if needed.
5 -> Loss of funds or non-recoverable funds up to 70-100% (example: leveraging cross assets and getting liquidated, adding single-sided liquidity to volatile pairs)
4 -> Loss of funds or non-recoverable funds up to 15-70% (example: adding single-sided liquidity to Curve stable pools)
3 -> Loss of funds or non-recoverable funds up to 10-15% (example: protocol-specific IL exposure, very high deposit/withdrawal fees)
2 -> Loss of funds or non-recoverable funds up to 0-10% (example: deposit/withdrawal fees or anything protocol-specific)
1 -> Strategy has no loss scenarios, only gains (up only).
### **centralisationRiskScore**
**Description:**
The centralization score of the strategy being evaluated. Measures the strategy's reliance on privileged roles that are defined in the strategy.
5 -> Strategy heavily relies on off-chain management, potentially exposing user funds to rug possibilities by admins.
4 -> Strategy frequently depends on off-chain management but has safeguards against rug possibilities by admins.
3 -> Strategy involves privileged roles but less frequently and with less risk of rug possibilities.
2 -> Strategy has privileged roles but they are not vital for operations and pose minimal risk of rug possibilities.
1 -> Strategy operates without dependency on any privileged roles, ensuring full permissionlessness.
### **protocolIntegrationScore**
**Description:**
The number of external protocols integrated into the strategy being evaluated.
For example:
If the strategy's underlying asset is DAI and deposits it to Curve LP and stakes the LP in Convex, then there are 2 external protocols integrated.
Note:
Protocols used only in swapping or getting reference value that are not critical to how the strategy works are not added here. For example: UniswapV3Swapper is not counted as an external protocol.
5 -> Strategy interacts with 5 external protocols
4 -> Strategy interacts with 4 external protocols
3 -> Strategy interacts with 3 external protocols
2 -> Strategy interacts with 2 external protocols
1 -> Strategy interacts with 1 external protocol
### EXTERNAL PROTOCOL RELATED SCORES
*If multiple external protocols are integrated with a strategy, each external protocol should be evaluated according to the risk scores, and the average will be the final score.
For example: if a strategy deposits DAI to CurveLP and stakes it in Convex, then both Convex and Curve should be evaluated accordingly.*
### **externalProtocolAuditingScore**
**Description:**
The number of public audits of the external protocol.
5 -> No audit conducted by a trusted firm or security researcher.
4 -> Audit conducted by 1 trusted firm or security researcher
3 -> Audits conducted by 2 trusted firms or security researchers
2 -> Audits conducted by 3 trusted firms or security researchers
1 -> Audits conducted by 4 or more trusted firms or security researchers
### **externalProtocolCentralisationScore**
**Description:**
Measurement of the centralization score of the external protocols.
5 -> Contracts owner is an EOA or a multisig with less than 4 members | Contracts are not verified
4 -> Contracts owner is a multisig with more than or equal to 4 members & Contracts are verified
3 -> DD took place & Contracts owner is a multisig with more than or equal to 4 members & Contracts are verified
2 -> DD took place & Contracts owner is a multisig with more than or equal to 4 members & Contracts are verified & Multisig members are known
1 -> DD took place & Contracts owner is a multisig with more than or equal to 4 members & Contracts are verified & Multisig members are known, trusted people
### **externalProtocolTvlScore**
**Description:**
The active TVL that the external protocol holds.
5 -> TVL of $10M or less
4 -> TVL between $10M and $40M
3 -> TVL between $40M and $120M
2 -> TVL between $120M and $480M
1 -> TVL of $480M or more
### **externalProtocolLongevityScore**
**Description:**
How long the external protocol contracts in scope have been deployed and live.
5 -> Less than 6 months
4 -> Between 6 and 12 months
3 -> Between 12 and 18 months
2 -> Between 18 and 24 months
1 -> 24 months or more
### **externalProtocolTypeScore**
**Description:**
What does the external protocol do? Note that this is a rough estimate of evaluating a protocol's purpose. In some cases, SAM can score regardless of the criteria; in such cases, the reasoning will be provided in the text box as usual with all scores.
5 -> The main expertise of the protocol lies in off-chain operations, such as RWA protocols.
4 -> Cross-chain applications, like cross-chain bridges, cross-chain yield aggregators, and cross-chain lending/borrowing protocols
3 -> AMM lending/borrowing protocols that are not forks of blue-chip protocols, leveraged farming protocols, as well as newly conceptualized protocols
2 -> Slightly modified forked blue-chip protocols.
1 -> Blue-chip protocols such as AAVE, Compound, Uniswap, Curve, Convex, and Balancer.
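The numeric external-protocol tables above and the averaging rule for multiple integrated protocols can be applied mechanically. The following is an added example, not part of the original framework or SAM's tooling. It assumes the average is taken per score type, that a value sitting exactly on an interior band edge takes the lower-risk score, and that the centralisation and type scores are supplied by the reviewer; the field names and the two sample protocols are hypothetical.

```python
from bisect import bisect_right
from statistics import mean

# Band edges copied from the tables above. Assumption: a value that sits
# exactly on an interior edge (e.g. $40M, 12 months) takes the lower-risk score.
TVL_EDGES_USD = [10e6, 40e6, 120e6, 480e6]
LONGEVITY_EDGES_MONTHS = [6, 12, 18, 24]
AUDIT_COUNT_EDGES = [1, 2, 3, 4]

def band_score(value, edges):
    """Map a metric to 5 (riskiest band) .. 1 (safest band)."""
    return 5 - bisect_right(edges, value)

def tvl_score(tvl_usd):
    # "$10M or less" is score 5, so the first edge is inclusive on the low side.
    return 5 if tvl_usd <= TVL_EDGES_USD[0] else band_score(tvl_usd, TVL_EDGES_USD)

def score_protocol(p):
    """Score one external protocol; qualitative scores are reviewer-assigned."""
    for key in ("centralisation", "type"):
        if p[key] not in range(1, 6):
            raise ValueError(f"{key} score must be 1..5, got {p[key]!r}")
    return {
        "externalProtocolAuditingScore": band_score(p["audits"], AUDIT_COUNT_EDGES),
        "externalProtocolCentralisationScore": p["centralisation"],
        "externalProtocolTvlScore": tvl_score(p["tvl_usd"]),
        "externalProtocolLongevityScore": band_score(p["months_live"], LONGEVITY_EDGES_MONTHS),
        "externalProtocolTypeScore": p["type"],
    }

def strategy_external_scores(protocols):
    """Average each score type over every integrated external protocol."""
    if not protocols:
        raise ValueError("at least one external protocol is required")
    per_protocol = [score_protocol(p) for p in protocols]
    return {name: mean(s[name] for s in per_protocol) for name in per_protocol[0]}

# Constructed sample input, not real figures for any protocol.
SAMPLE_PROTOCOLS = [
    {"name": "protocol_a", "tvl_usd": 600e6, "months_live": 30, "audits": 4,
     "centralisation": 2, "type": 1},
    {"name": "protocol_b", "tvl_usd": 35e6, "months_live": 8, "audits": 1,
     "centralisation": 4, "type": 3},
]

if __name__ == "__main__":
    for name, value in strategy_external_scores(SAMPLE_PROTOCOLS).items():
        print(f"{name}: {value}")
```

The averages are left unrounded because the framework does not state a rounding rule.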
### This is how the risk scores will be attached to the strategy issue
```yaml
reviewScore:
testingScore:
complexityScore:
riskExposureScore:
protocolIntegrationScore:
centralisationRiskScore:
externalProtocolAuditingScore:
externalProtocolCentralisationScore:
externalProtocolTvlScore:
externalProtocolLongevityScore:
externalProtocolTypeScore:
```
**Additional comments by the SAM:**
{comment here}