Exclusionary Criteria in Audits
Exclusionary criteria define specific areas or risks that an auditor explicitly chooses not to evaluate during a security assessment. These might include off-chain components, social engineering risks, or specific complex edge cases that fall outside the agreed-upon scope.
Understanding these exclusions is vital for risk management, because they identify where the protocol remains vulnerable despite the audit. Protocol teams often exclude legacy code or third-party integrations so that audit resources can be focused on new, high-risk features.
Recognizing these gaps is necessary for a complete understanding of the protocol's security posture.