Judging

On the formal close date of the Audit, the AuditDAO team will examine the submitted issues, eliminate duplicates, and make a determination on all issues. AuditDAO focuses only on findings of high and medium severity, which are the types of vulnerabilities that cause the loss of user funds and do the most significant damage to the reputation of the protocol AuditDAO is trying to protect.

Problem Criteria:

Medium: A problem that would put the protocol in a position where it could be attacked and potentially lose a substantial amount of money. The attack path should be feasible under assumptions that mimic on-chain conditions, or that reflect conditions sufficiently likely to arise in the future. The higher the cost to the attacker of attacking that risk, the less likely the risk will be considered moderate (if all else is constant). The vulnerability must not be considered an acceptable risk by the protocol team (because it is not cosmetic).

High: The vulnerability will result in a significant loss of funds, and the attack can be carried out cheaply relative to the funds being attacked. The attack must be possible under reasonable assumptions that mimic on-chain conditions. The vulnerability must not be considered an acceptable risk by the protocol team.

Case Study

Do denial-of-service (DoS) attacks, griefing, and contract locking count as moderate (or high) problems? If the DoS, etc. lasts for a known finite amount of time (less than one year), it does not count. If funds are inaccessible for more than a year, then it would count as a loss of funds and could receive a "medium" or "high" designation. The greater the cost of the attack to the attacker, the less severe the problem.
