Smart contracts

This is the vulnerability classification table for smart contracts (v2.0).

Critical

  • Direct theft of funds or NFT

  • Permanent freezing of funds or NFT

  • Governance result manipulation

  • Protocol insolvency

High

  • Temporary freezing of funds or NFT

  • Theft of unclaimed funds (royalty, yield)

  • Permanent freezing of unclaimed funds (royalty, yield)

Medium

  • Theft of gas

  • Gas limit and out-of-gas issues. The contract fails to handle gas limits properly, leading to unexpected halts in contract execution. Impact: incomplete transactions, loss of user funds, and disruption of contract functionality.

  • Denial of service (DoS). Vulnerabilities that allow an attacker to consume excessive gas, causing a contract to become unresponsive or wasting computational resources. Impact: temporary or permanent disruption of contract functionality, hindering legitimate users from interacting with the contract.

  • No-profit attacks that damage users or the protocol (griefing). Attacks that hurt the operation of the smart contract system despite providing no direct profit for the attackers.

Low

  • Contract fails to provide promised returns

If the issue does not fall under one of the vulnerabilities listed above, we use the Common Vulnerability Scoring System (CVSS) to assess the severity of your vulnerability.
