Impact

• Increasing network processing node resource consumption by at least 30% without brute force actions, compared to the preceding 24 hours.

• Shutdown of greater than or equal to 30% of network processing nodes without brute force actions but does not shut down the network.

• A bug in the respective layer 0/1/2 network code that results in unintended smart contract behavior with no concrete funds at direct risk.

• Smart contracts are unable to operate due to a lack of token funds.

• Block stuffing.

• Griefing (e.g., no profit motive for an attacker but damage to the users or the protocol).

• Theft of gas.

• Unbounded gas consumption.

• Excessive transaction fees due to a bug or miscalculation in the fee calculation mechanism.

• Vulnerabilities in smart contract logic or tokenomics resulting in suboptimal user experiences or inefficiencies.

Impact

• Unintended chain split (network partition).

• Temporary freezing of network transactions by delaying one block by 500% or more of the average block time of the preceding 24 hours beyond standard difficulty adjustments.

• Causing network processing nodes to process transactions from the mempool beyond set parameters.

• RPC API crash affecting projects with greater than or equal to 25% of the market capitalization on top of the respective layer.

• Theft of unclaimed yield.

• Theft of unclaimed royalties.

• Permanent freezing of unclaimed yield.

• Permanent freezing of unclaimed royalties.

• Temporary freezing of funds.

• Temporary freezing of NFTs.

• Complete bypass of transaction fees or gas costs, resulting in free or heavily discounted transactions.

• Cross-chain attacks causing disruption or instability in interconnected blockchains or networks.

• Exploitable weaknesses in decentralized governance mechanisms resulting in unfair voting outcomes or manipulation of governance decisions.

Impact

• The network is not able to confirm new transactions (total network shutdown).

• Unintended permanent chain split requiring hard fork (network partition requiring hard fork).

• Direct loss of funds.

• Permanent freezing of funds (fix requires hard fork).

• Manipulation of governance voting results in deviating from the voted outcome and resulting in a direct change from the intended effect of the original results.

• Direct theft of any user funds, whether at rest or in-motion, other than unclaimed yield.

• Direct theft of any user NFTs, whether at-rest or in motion, other than unclaimed royalties.

• Permanent freezing of NFTs.

• Unauthorized minting of NFTs.

• The predictable or manipulable RNG that results in abuse of the principal or NFT.

• Unintended alteration of what the NFT represents (e.g., token URI, payload, artistic content).

• Protocol insolvency.