AuditOne Docs

Severity Classification

Severity Level
Impact

Critical

- Network not able to confirm new transactions (total network shutdown)

- Unintended permanent chain split requiring hard fork (network partition requiring hard fork)

- Direct loss of funds

- Permanent freezing of funds (fix requires hard fork)

- Manipulation of governance voting results deviating from the voted outcome and resulting in a direct change from the intended effect of original results

- Direct theft of any user funds, whether at rest or in motion, other than unclaimed yield

- Direct theft of any user NFTs, whether at rest or in motion, other than unclaimed royalties

- Permanent freezing of NFTs

- Unauthorized minting of NFTs

- Predictable or manipulable RNG that results in abuse of the principal or NFT

- Unintended alteration of what the NFT represents (e.g. token URI, payload, artistic content)

- Protocol insolvency

High

- Unintended chain split (network partition)

- Temporary freezing of network transactions by delaying one block by 500% or more of the average block time of the preceding 24 hours beyond standard difficulty adjustments

- Causing network processing nodes to process transactions from the mempool beyond set parameters

- RPC API crash affecting projects with greater than or equal to 25% of the market capitalization on top of the respective layer

- Theft of unclaimed yield

- Theft of unclaimed royalties

- Permanent freezing of unclaimed yield

- Permanent freezing of unclaimed royalties

- Temporary freezing of funds

- Temporary freezing of NFTs

- Complete bypass of transaction fees or gas costs, resulting in free or heavily discounted transactions

- Cross-chain attacks causing disruption or instability in interconnected blockchains or networks

- Exploitable weaknesses in decentralized governance mechanisms, resulting in unfair voting outcomes or manipulation of governance decisions

Medium

- Increasing network processing node resource consumption by at least 30% without brute force actions, compared to the preceding 24 hours

- Shutdown of greater than or equal to 30% of network processing nodes without brute force actions, but does not shut down the network

- A bug in the respective layer 0/1/2 network code that results in unintended smart contract behavior with no concrete funds at direct risk

- Smart contract unable to operate due to lack of token funds

- Block stuffing

- Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol)

- Theft of gas

- Unbounded gas consumption

- Excessive transaction fees due to a bug or miscalculation in the fee calculation mechanism

- Vulnerabilities in smart contract logic or tokenomics resulting in suboptimal user experiences or inefficiencies

Low

- Shutdown of greater than or equal to 10% but less than 30% of network processing nodes without brute force actions, but does not shut down the network

- Modification of transaction fees outside of design parameters

- Contract fails to deliver promised returns but doesn't lose value

- Low-risk issues related to documentation, code comments, or code style that do not directly affect security or functionality

- Minor inconsistencies in calculations within the smart contract that do not affect critical operations

Note: In our audits, 'critical' issues are included within the 'high' classification.

Last updated 11 months ago