Scoring Methodology

Cromshield's proprietary scoring methodology evaluates crypto projects across multiple dimensions to produce a comprehensive security score from 0 to 100.

Our scoring system is designed to provide an objective, data-driven assessment of project security and trustworthiness. Each project is evaluated based on publicly available data, on-chain analysis, and market signals.

Understanding Scores

Scores range from 0 to 100. Higher scores indicate stronger security posture and transparency. Scores are color-coded for quick reference.

  • Excellent: 90/100
  • Good: 70/100
  • Moderate: 50/100
  • Low: 30/100
  • Critical: 10/100

What We Evaluate

Our methodology considers a wide range of factors across several key areas:

Code Security — evaluates smart contract audit results, token safety characteristics, third-party audit history, and source code verification. Findings are assessed in the context of each project's type and expected functionality.

Financial Health — assesses the project's financial stability including market capitalization, liquidity depth, supply transparency, exchange presence, and valuation metrics.

Governance & Transparency — measures governance activity (on-chain and off-chain proposals), team accountability, public disclosure, and the project's governance infrastructure.

Community & Social — evaluates community size and growth across platforms including social media presence, follower counts, and platform diversity.

Operational Security — considers the project's track record, operational maturity, source code verification, ownership governance, deployer history, and active bug bounty programs.

Market Behavior — analyzes price stability, volume consistency, trading pair diversity, and exchange distribution for signs of healthy or manipulated market activity.

Ecosystem Integration — assesses multi-chain deployment coverage, ecosystem breadth, exchange listings, open-source code availability, and DeFi Total Value Locked where applicable.

The relative importance of each category is adjusted based on the type of project being evaluated.

How Scores Work

Each project receives a score that reflects its current security posture. Here's what you should know:

  • Scores are updated regularly as new data becomes available
  • A score reflects the project's current state — it can improve or decline over time
  • When in doubt, our system rounds down — we err on the side of caution
  • Scores are for informational purposes only and do not constitute financial advice

Context-Aware Scoring

Not all crypto projects are the same. A stablecoin has different security priorities than a meme token or an L1 blockchain.

Our system recognizes different project types and adjusts its evaluation criteria accordingly. This ensures projects are assessed against relevant benchmarks rather than a one-size-fits-all formula. The specific classification rules and weight adjustments are proprietary.

Trust Signals & Risk Rating

Audit risk ratings are contextualized using measurable trust signals from public data. The same smart contract pattern carries different risk depending on the project's establishment and track record. Our system considers factors such as:

  • Market establishment — projects with significant market presence have greater stakeholder accountability
  • Operational history — longer track records without security incidents indicate proven reliability
  • Market accessibility — broader exchange availability suggests wider industry vetting
  • Ownership structure — the contract ownership model (multisig, timelock, renounced, or single-key) is factored into risk assessment
  • Bug bounty programs — active security bounty programs on platforms like Immunefi signal proactive security commitment
  • Third-party audit history — audits by recognized security firms contribute positively to the security assessment

Established projects with strong trust signals receive proportionally adjusted risk ratings, while new or unknown projects are assessed at full scrutiny. Known regulatory compliance features on established tokens (such as mint, pause, and blacklist on stablecoins) are recognized as expected functionality and distinguished from security vulnerabilities.

Token Safety Checklist

Each project receives a binary safety checklist covering key risk areas including ownership controls, token mechanics, transfer restrictions, and contract architecture. Checks are derived from published security audits when available, with supplementary automated analysis for broader coverage. Each check is marked safe, risk, or unknown. The checklist is evaluated in the context of the project's type — features expected for a stablecoin are treated differently than the same features on a meme token.

Data Freshness

Scores reflect current project state, not a point-in-time snapshot:

  • Market data is refreshed frequently throughout the day based on project importance
  • Security scores are recalculated regularly and immediately after new audit publications
  • Audit results are persisted permanently and factor into all subsequent score calculations

Proprietary Methodology

The specific algorithms, weights, and technical implementation details of our scoring system are proprietary. This ensures the integrity of our assessments and prevents gaming of the scoring system. We continuously refine our methodology based on emerging threats and industry developments.