Comment on page
Severity Classification
Severity Levels
Low
Medium
High
Critical
Impact
- Shutdown of greater than 10% or equal to but less than 30% of network processing nodes without brute force actions but does not shut down the network.
- Modification of transaction fees outside of design parameters.
- Contract fails to deliver promised returns but doesn't lose value.
- Low-risk issues related to documentation, code comments, or code style that do not directly affect security or functionality.
Impact
- Increasing network processing node resource consumption by at least 30% without brute force actions, compared to the preceding 24 hours.
- Shutdown of greater than or equal to 30% of network processing nodes without brute force actions but does not shut down the network.
- A bug in the respective layer 0/1/2 network code that results in unintended smart contract behavior with no concrete funds at direct risk.
- Smart contracts are unable to operate due to a lack of token funds.
- Block stuffing.
- Griefing (e.g., no profit motive for an attacker but damage to the users or the protocol).
- Theft of gas.
- Unbounded gas consumption.
- Excessive transaction fees due to a bug or miscalculation in the fee calculation mechanism.
- Vulnerabilities in smart contract logic or tokenomics resulting in suboptimal user experiences or inefficiencies.
Impact
- Unintended chain split (network partition).
- Temporary freezing of network transactions by delaying one block by 500% or more of the average block time of the preceding 24 hours beyond standard difficulty adjustments.
- Causing network processing nodes to process transactions from the mempool beyond set parameters.
- RPC API crash affecting projects with greater than or equal to 25% of the market capitalization on top of the respective layer.
- Theft of unclaimed yield.
- Theft of unclaimed royalties.
- Permanent freezing of unclaimed yield.
- Permanent freezing of unclaimed royalties.
- Temporary freezing of funds.
- Temporary freezing of NFTs.
- Complete bypass of transaction fees or gas costs, resulting in free or heavily discounted transactions.
- Cross-chain attacks causing disruption or instability in interconnected blockchains or networks.
- Exploitable weaknesses in decentralized governance mechanisms resulting in unfair voting outcomes or manipulation of governance decisions.
Impact
- The network is not able to confirm new transactions (total network shutdown).
- Unintended permanent chain split requiring hard fork (network partition requiring hard fork).
- Direct loss of funds.
- Permanent freezing of funds (fix requires hard fork).
- Manipulation of governance voting results in deviating from the voted outcome and resulting in a direct change from the intended effect of the original results.
- Direct theft of any user funds, whether at rest or in-motion, other than unclaimed yield.
- Direct theft of any user NFTs, whether at-rest or in motion, other than unclaimed royalties.
- Permanent freezing of NFTs.
- Unauthorized minting of NFTs.
- The predictable or manipulable RNG that results in abuse of the principal or NFT.
- Unintended alteration of what the NFT represents (e.g., token URI, payload, artistic content).
- Protocol insolvency.
Last modified 25d ago