Severity Classification
Severity classification is the process of assigning a risk level to a discovered vulnerability, such as low, medium, high, or critical. This classification helps developers and stakeholders prioritize remediation efforts based on the potential impact and likelihood of an exploit.
Factors include the amount of funds at risk, the ease of exploitation, and the potential for cascading failure. For example, a vulnerability that allows an attacker to drain a liquidity pool is classified as critical, while a minor gas inefficiency might be low.
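As an added example, not taken from this page, the helper below turns the factors above into a triage order: impact from the share of protocol value at risk, likelihood from whether exploitation is permissionless, and a bump for cascading potential. The thresholds, adjustment rules, protocol TVL and sample findings are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

class Severity(IntEnum):
    LOW = 1
    MEDIUM = 2
    HIGH = 3
    CRITICAL = 4

@dataclass(frozen=True)
class Finding:
    title: str
    funds_at_risk: float  # value an exploit could extract or lock, same unit as TVL
    permissionless: bool  # any address can trigger it, no privileged role or rare state needed
    cascading: bool       # a successful exploit can propagate, e.g. bad debt in dependent markets

def impact_score(funds_at_risk: float, tvl: float) -> int:
    """Rate impact 1..4 by the share of protocol value exposed (thresholds are assumptions)."""
    share = funds_at_risk / tvl if tvl > 0 else 0.0
    if share >= 0.10:
        return 4
    if share >= 0.01:
        return 3
    return 2 if share > 0 else 1

def classify(finding: Finding, tvl: float) -> Severity:
    """Start from impact, adjust for likelihood and cascading potential, clamp to LOW..CRITICAL."""
    score = impact_score(finding.funds_at_risk, tvl)
    if not finding.permissionless:
        score -= 1  # needs a privileged actor or unusual state, so exploitation is less likely
    if finding.cascading:
        score += 1  # follow-on failures widen the blast radius beyond the direct loss
    return Severity(max(Severity.LOW, min(Severity.CRITICAL, score)))

def prioritize(findings: list[Finding], tvl: float) -> list[tuple[Severity, str]]:
    """Order findings for remediation: highest severity first, then largest exposure."""
    ranked = sorted(findings, key=lambda f: (classify(f, tvl), f.funds_at_risk), reverse=True)
    return [(classify(f, tvl), f.title) for f in ranked]

# Constructed sample findings against a hypothetical protocol holding 50M in TVL.
TVL = 50_000_000.0
SAMPLE = [
    Finding("Gas inefficiency in reward loop", 0.0, True, False),
    Finding("Unchecked oracle price allows pool drain", 20_000_000.0, True, True),
    Finding("Owner-only mint lacks supply cap", 20_000_000.0, False, False),
    Finding("Rounding error leaks dust from vault", 100_000.0, True, False),
]

if __name__ == "__main__":
    for sev, title in prioritize(SAMPLE, TVL):
        print(f"{sev.name:<8} {title}")
```

The pool drain lands at critical and the gas issue at low, matching the examples in the text, while the owner-only mint drops to high because it needs a privileged actor.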
Clear severity definitions ensure that resources are allocated to the most dangerous issues first. They are a core part of bug bounty programs and internal security audits.
By standardizing these levels, protocols can communicate risk effectively to their community and maintain a disciplined approach to security management.