# Blockchain protocols

This classification applies to vulnerabilities that affect the core blockchain protocol or node-level consensus/security.

| **Severity**    | **Example Vulnerabilities**                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| --------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| 🔴 **Critical** | <p>- <strong>Direct theft of funds</strong> (e.g., ledger corruption, consensus manipulation)<br>- <strong>Permanent freezing of funds</strong> (irrecoverable protocol-level lock)<br>- <strong>Total network shutdown</strong><br>    - Network unable to confirm transactions<br>    - Resolution requires a <strong>hard fork</strong><br>- <strong>Consensus Manipulation or Fork Creation</strong>: Beyond shutdown, this includes the risk of a chain split or invalid blocks.</p> |
| 🟠 **High**     | <p>- <strong>Application-level Denial of Service (DoS)</strong><br>    - Causes any node to crash under specific payloads or conditions<br>    - Attack can be mitigated via firewall rules<br>- <strong>Temporary freezing of network transactions</strong><br>- <strong>Temporary freezing of funds</strong> (e.g., liveness failure)</p>                                                                                                                                       |
| 🟡 **Medium**   | <p>- <strong>Application-level DoS</strong> affecting <strong>a subset of nodes</strong> (non-catastrophic)<br>- <strong>Unintended smart contract behavior</strong> due to protocol quirks or edge-case consensus rules<br>- <strong>Time Manipulation Attacks</strong>: Exploiting timestamp dependencies in consensus or smart contract behavior.<br>- <strong>Block Reorg Exploits</strong>: Minor reorganizations that can affect specific dApps or applications.</p>        |
| 🟢 **Low**      | <p>- <strong>Shutdown of &lt;25% of network nodes</strong> (non-critical, no brute-force)<br>- <strong>Transaction fee modification or miscalculation</strong> without economic impact<br>- <strong>P2P Gossip Layer Issues</strong>: e.g., propagation delays, non-malicious message flooding.</p> |

If the issue does not fall under one of the vulnerabilities listed above, we use the [Common Vulnerability Scoring System](https://www.first.org/cvss/user-guide) to assess the severity of your vulnerability.
