Severity classification

​
Severity Level
Impact
Critical
- Network not able to confirm new transactions (total network shutdown)
- Unintended permanent chain split requiring hard fork (network partition requiring hard fork)
- Direct loss of funds
- Permanent freezing of funds (fix requires hard fork)
- Manipulation of governance voting results deviating from the voted outcome and resulting in a direct change from the intended effect of original results
- Direct theft of any user funds, whether at rest or in-motion, other than unclaimed yield
- Direct theft of any user NFTs, whether at-rest or in motion, other than unclaimed royalties
- Permanent freezing of NFTs
- Unauthorized minting of NFTs
- Predictable or manipulable RNG that results in abuse of the principal or NFT
- Unintended alteration of what the NFT represents (e.g. token URI, payload, artistic content)
- Protocol insolvency
High
- Unintended chain split (network partition)
- Temporary freezing of network transactions by delaying one block by 500% or more of the average block time of the preceding 24 hours beyond standard difficulty adjustments
- Causing network processing nodes to process transactions from the mempool beyond set parameters
- RPC API crash affecting projects with greater than or equal to 25% of the market capitalization on top of the respective layer
- Theft of unclaimed yield
- Theft of unclaimed royalties
- Permanent freezing of unclaimed yield
- Permanent freezing of unclaimed royalties
- Temporary freezing of funds
- Temporary freezing of NFTs
- Complete bypass of transaction fees or gas costs, resulting in free or heavily discounted transactions
- Cross-chain attacks causing disruption or instability in interconnected blockchains or networks
- Exploitable weaknesses in decentralized governance mechanisms, resulting in unfair voting outcomes or manipulation of governance decisions
Medium
- Increasing network processing node resource consumption by at least 30% without brute force actions, compared to the preceding 24 hours
- Shutdown of greater than or equal to 30% of network processing nodes without brute force actions, but does not shut down the network
- A bug in the respective layer 0/1/2 network code that results in unintended smart contract behavior with no concrete funds at direct risk
- Smart contract unable to operate due to lack of token funds
- Block stuffing
- Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)
- Theft of gas
- Unbounded gas consumption
- Excessive transaction fees due to a bug or miscalculation in the fee calculation mechanism
- Vulnerabilities in smart contract logic or tokenomics resulting in suboptimal user experiences or inefficiencies
Low
- Shutdown of greater than 10% or equal to but less than 30% of network processing nodes without brute force actions but does not shut down the network
- Modification of transaction fees outside of design parameters
- Contract fails to deliver promised returns but doesn't lose value
- Low-risk issues related to documentation, code comments, or code style that do not directly affect security or functionality
- Minor inconsistencies in calculations within the smart contract that do not affect critical operations

Severity Level	Impact
Critical	- Network not able to confirm new transactions (total network shutdown) - Unintended permanent chain split requiring hard fork (network partition requiring hard fork) - Direct loss of funds - Permanent freezing of funds (fix requires hard fork) - Manipulation of governance voting results deviating from the voted outcome and resulting in a direct change from the intended effect of original results - Direct theft of any user funds, whether at rest or in-motion, other than unclaimed yield - Direct theft of any user NFTs, whether at-rest or in motion, other than unclaimed royalties - Permanent freezing of NFTs - Unauthorized minting of NFTs - Predictable or manipulable RNG that results in abuse of the principal or NFT - Unintended alteration of what the NFT represents (e.g. token URI, payload, artistic content) - Protocol insolvency
High	- Unintended chain split (network partition) - Temporary freezing of network transactions by delaying one block by 500% or more of the average block time of the preceding 24 hours beyond standard difficulty adjustments - Causing network processing nodes to process transactions from the mempool beyond set parameters - RPC API crash affecting projects with greater than or equal to 25% of the market capitalization on top of the respective layer - Theft of unclaimed yield - Theft of unclaimed royalties - Permanent freezing of unclaimed yield - Permanent freezing of unclaimed royalties - Temporary freezing of funds - Temporary freezing of NFTs - Complete bypass of transaction fees or gas costs, resulting in free or heavily discounted transactions - Cross-chain attacks causing disruption or instability in interconnected blockchains or networks - Exploitable weaknesses in decentralized governance mechanisms, resulting in unfair voting outcomes or manipulation of governance decisions
Medium	- Increasing network processing node resource consumption by at least 30% without brute force actions, compared to the preceding 24 hours - Shutdown of greater than or equal to 30% of network processing nodes without brute force actions, but does not shut down the network - A bug in the respective layer 0/1/2 network code that results in unintended smart contract behavior with no concrete funds at direct risk - Smart contract unable to operate due to lack of token funds - Block stuffing - Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol) - Theft of gas - Unbounded gas consumption - Excessive transaction fees due to a bug or miscalculation in the fee calculation mechanism - Vulnerabilities in smart contract logic or tokenomics resulting in suboptimal user experiences or inefficiencies
Low	- Shutdown of greater than 10% or equal to but less than 30% of network processing nodes without brute force actions but does not shut down the network - Modification of transaction fees outside of design parameters - Contract fails to deliver promised returns but doesn't lose value - Low-risk issues related to documentation, code comments, or code style that do not directly affect security or functionality - Minor inconsistencies in calculations within the smart contract that do not affect critical operations

Last modified 1mo ago