# Severity Classification

<table data-full-width="true"><thead><tr><th width="160">Severity Level</th><th>Impact</th></tr></thead><tbody><tr><td>Critical</td><td><p>- Network not able to confirm new transactions (total network shutdown)</p><p>- Unintended permanent chain split requiring hard fork (network partition requiring hard fork)</p><p>- Direct loss of funds</p><p>- Permanent freezing of funds (fix requires hard fork)</p><p>- Manipulation of governance voting results deviating from the voted outcome and resulting in a direct change from the intended effect of original results</p><p>- Direct theft of any user funds, whether at rest or in-motion, other than unclaimed yield</p><p>- Direct theft of any user NFTs, whether at-rest or in motion, other than unclaimed royalties</p><p>- Permanent freezing of NFTs</p><p>- Unauthorized minting of NFTs</p><p>- Predictable or manipulable RNG that results in abuse of the principal or NFT</p><p>- Unintended alteration of what the NFT represents (e.g. token URI, payload, artistic content)</p><p>- Protocol insolvency</p></td></tr><tr><td>High</td><td><p>- Unintended chain split (network partition)</p><p>- Temporary freezing of network transactions by delaying one block by 500% or more of the average block time of the preceding 24 hours beyond standard difficulty adjustments</p><p>- Causing network processing nodes to process transactions from the mempool beyond set parameters</p><p>- RPC API crash affecting projects with greater than or equal to 25% of the market capitalization on top of the respective layer</p><p>- Theft of unclaimed yield</p><p>- Theft of unclaimed royalties</p><p>- Permanent freezing of unclaimed yield</p><p>- Permanent freezing of unclaimed royalties</p><p>- Temporary freezing of funds</p><p>- Temporary freezing of NFTs</p><p>- Complete bypass of transaction fees or gas costs, resulting in free or heavily discounted transactions</p><p>- Cross-chain attacks causing disruption or instability in interconnected blockchains or networks</p><p>- Exploitable weaknesses in decentralized governance mechanisms, resulting in unfair voting outcomes or manipulation of governance decisions</p></td></tr><tr><td>Medium</td><td><p>- Increasing network processing node resource consumption by at least 30% without brute force actions, compared to the preceding 24 hours</p><p>- Shutdown of greater than or equal to 30% of network processing nodes without brute force actions, but does not shut down the network</p><p>- A bug in the respective layer 0/1/2 network code that results in unintended smart contract behavior with no concrete funds at direct risk</p><p>- Smart contract unable to operate due to lack of token funds</p><p>- Block stuffing</p><p>- Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)</p><p>- Theft of gas</p><p>- Unbounded gas consumption</p><p>- Excessive transaction fees due to a bug or miscalculation in the fee calculation mechanism</p><p>- Vulnerabilities in smart contract logic or tokenomics resulting in suboptimal user experiences or inefficiencies</p></td></tr><tr><td>Low</td><td><p>- Shutdown of greater than 10% or equal to but less than 30% of network processing nodes without brute force actions but does not shut down the network</p><p>- Modification of transaction fees outside of design parameters</p><p>- Contract fails to deliver promised returns but doesn't lose value</p><p>- Low-risk issues related to documentation, code comments, or code style that do not directly affect security or functionality</p><p>- Minor inconsistencies in calculations within the smart contract that do not affect critical operations</p></td></tr></tbody></table>

Note: For our audits we include 'critical' issues within the classification 'high' issues.&#x20;