Blockchain protocols
This is a vulnerability classification table for blockchain protocols (v2.0)
Last updated
This classification applies to vulnerabilities that affect the core blockchain protocol or node-level consensus/security.
Severity
Example Vulnerabilities
🔴 Critical
- Direct theft of funds (e.g., ledger corruption, consensus manipulation)
- Permanent freezing of funds (irrecoverable protocol-level lock)
- Total network shutdown
- Network unable to confirm transactions
- Resolution requires a hard fork
- Consensus Manipulation or Fork Creation: Beyond shutdown, include the risk of chain split or invalid blocks.
🟠 High
- Application-level Denial of Service (DoS)
- Causes any node to crash under specific payloads or conditions
- Attack can be mitigated via firewall rules
- Temporary freezing of network transactions
- Temporary freezing of funds (e.g., liveness failure)
🟡 Medium
- Application-level DoS affecting a subset of nodes (non-catastrophic)
- Unintended smart contract behavior due to protocol quirks or edge-case consensus rules
- Time Manipulation Attacks: Exploiting timestamp dependencies in consensus or smart contract behavior.
- Block Reorg Exploits: Minor reorganizations that can affect specific dApps or applications.
🟢 Low
- Shutdown of <25% of network nodes (non-critical, no brute-force)
- Transaction fee modification or miscalculation without economic impact
- P2P Gossip Layer Issues: e.g., propagation delays, non-malicious message flooding, etc.
If the issue is not under one of the mentioned vulnerabilities, we use the to assess the severity of your vulnerability.