Captures whether triggering the bug requires compromising a privileged account.
Any account can trigger the bug
Captures the cost of triggering the bug relative to the cost of sending a single transaction on the relevant blockchain without transferring value. Includes but is not limited to financial, operational and computational cost
The cost is comparable to sending a few transactions
Describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Includes but is not limited to macro situation, available third-party liquidity and regulatory challenges.
No specific conditions are required or the required conditions are relatively common
Refine the severity score by considering the impact to the system environment and third-party entities.
Describes the share of the consequences that can be reversed. For upgradeable systems, assume the required privileges are available.
The consequences are irreversible
Captures whether a vulnerability in one vulnerable system impacts resources in other systems
The impact is isolated to the affected system and its direct users
Captures the scale of the consequences of triggering the bug.
Measures the impact to the confidentiality of the data processed or persisted on-chain.
No data is affected
Measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. This metric refers to features and functionality, not state. Availability impact directly affecting Deposit or Yield is excluded.
No features are affected
Measures the impact to the trustworthiness and veracity of data stored and/or processed on-chain.
No data is affected
Captures the impact to the deposits made to the system by either users or owners. Measured per depositing account.
No funds are affected
Captures the impact to the yield generated by the system for either users or owners.
No yield is affected
AO:A/AC:L/AX:L/R:N/S:P/C:N/A:N/I:N/D:N/Y:N - 0.00 - None