We aproach the evaluation using several aspects.
The TVL (total value locked) impact is a figure between 1 and 5 as well, where 1 is the lowest impact labeled “low” (above 50MM) and 5 is the highest impact in TVL less than 100k. This table measures how to allocate to new riskier strategies without having a catastrophic event in case of a hack or issue. The TVL is measured in USD and grows dynamically based on strategies allocations onchain. At 2Pi keep track of the TVL and risk score to make fund allocation decisions and mitigations if a strategy group has fallen into the “red” high-risk zone:
Testing score is a metric of how much of the codebase for the strategy has been tested. It uses the test coverage number as a reference, higher coverage means the developer/strategist took time to test most of the operations of the strategy in a unit test or fork environment. This score assumes a less tested strategy entails more risk since we know less about what is expected from the code:
Auditing is the process where an audit firm or an external security researcher reviews the code for any potential vulnerabilities and presents a report for mitigation. Audits usually take longer than an internal security review and are not immediately available given the demand for audits in the space, so most strategies are sent to production with no audits (thus high-risk score) to keep their TVL limited. This strikes a balance of validating the strategy in production with a calculated risk while we schedule a proper audit. The risk score helps us prioritize which strategies should get audited first, based on impact and other dimensions of scoring:
Here we asses how much code, found movements and other related steps are involved on the process of earning yield.
How long the strategy has been running live on 2Pi: