Last updated: 2020-12-10
At Immunefi, we classify bugs on a simplified 5-level scale:
This scale encompasses all the aspects of a bug, from the consequence of a successful exploit, to the level of access required to exploit it, to the probability that an exploitation attempt will be successful.
For example:

- A bug that results in loss of contract funds is more severe than a bug that temporarily prevents token holders from transferring their tokens.
- A bug that can be triggered by any token holder is more severe than a bug that requires a pricing oracle to go rogue.
- A bug that can be triggered by a third party invoking a particular function/method is more severe than a bug that requires the affected token holder to invoke that same function/method.
The table below is mostly concerned with the consequence of a successful exploit. Keep in mind that if the exploit requires elevated privileges or uncommon user interaction, the level of the bug may be downgraded to reflect that.
Level | Examples
---|---
5. Critical |
4. High |
3. Medium |
2. Low |
1. None |