AuditOne Docs

Severity Classification

Severity Levels
Low
Medium
High
Critical
Low: Impact
  • Shutdown of greater than or equal to 10% but less than 30% of network processing nodes without brute force actions, without shutting down the network.
  • Modification of transaction fees outside of design parameters.
  • Contract fails to deliver promised returns but doesn't lose value.
  • Low-risk issues related to documentation, code comments, or code style that do not directly affect security or functionality.
Medium: Impact
  • Increasing network processing node resource consumption by at least 30% without brute force actions, compared to the preceding 24 hours.
  • Shutdown of greater than or equal to 30% of network processing nodes without brute force actions but does not shut down the network.
  • A bug in the respective layer 0/1/2 network code that results in unintended smart contract behavior with no concrete funds at direct risk.
  • Smart contracts are unable to operate due to a lack of token funds.
  • Block stuffing.
  • Griefing (e.g., no profit motive for an attacker but damage to the users or the protocol).
  • Theft of gas.
  • Unbounded gas consumption.
  • Excessive transaction fees due to a bug or miscalculation in the fee calculation mechanism.
  • Vulnerabilities in smart contract logic or tokenomics resulting in suboptimal user experiences or inefficiencies.
High: Impact
  • Unintended chain split (network partition).
  • Temporary freezing of network transactions by delaying one block by 500% or more of the average block time of the preceding 24 hours beyond standard difficulty adjustments.
  • Causing network processing nodes to process transactions from the mempool beyond set parameters.
  • RPC API crash affecting projects with greater than or equal to 25% of the market capitalization on top of the respective layer.
  • Theft of unclaimed yield.
  • Theft of unclaimed royalties.
  • Permanent freezing of unclaimed yield.
  • Permanent freezing of unclaimed royalties.
  • Temporary freezing of funds.
  • Temporary freezing of NFTs.
  • Complete bypass of transaction fees or gas costs, resulting in free or heavily discounted transactions.
  • Cross-chain attacks causing disruption or instability in interconnected blockchains or networks.
  • Exploitable weaknesses in decentralized governance mechanisms resulting in unfair voting outcomes or manipulation of governance decisions.
Critical: Impact
  • The network is not able to confirm new transactions (total network shutdown).
  • Unintended permanent chain split requiring hard fork (network partition requiring hard fork).
  • Direct loss of funds.
  • Permanent freezing of funds (fix requires hard fork).
  • Manipulation of governance voting that makes the result deviate from the voted outcome, directly changing the intended effect of the original results.
  • Direct theft of any user funds, whether at rest or in motion, other than unclaimed yield.
  • Direct theft of any user NFTs, whether at rest or in motion, other than unclaimed royalties.
  • Permanent freezing of NFTs.
  • Unauthorized minting of NFTs.
  • Predictable or manipulable RNG that results in abuse of the principal or NFT.
  • Unintended alteration of what the NFT represents (e.g., token URI, payload, artistic content).
  • Protocol insolvency.