Difference Between Critical, High, Medium, and Low Audit Issues
What This Error Actually Is
Audit severity classifications categorize security findings based on their potential impact and likelihood of exploitation. This standardized framework helps teams prioritize remediation efforts and understand the risk profile of their smart contracts.
Why This Commonly Happens
Severity classifications vary between auditors based on their assessment methodology, risk tolerance, and interpretation of the contract's intended functionality. What one auditor classifies as High might be Medium for another based on contextual factors.
What It Does Not Mean (Common Misinterpretations)
Lower severity findings are not necessarily safe to ignore. Medium and Low findings can compound or create attack vectors when combined with other vulnerabilities or specific deployment conditions.
How This Type of Issue Is Typically Analyzed
Severity assessment considers both impact (potential damage) and likelihood (ease of exploitation). Critical issues have high impact and high likelihood, while Low issues have minimal impact or very low likelihood.
Common Risk Areas or Oversights
Context-dependent severity means that the same vulnerability might have different severity levels in different contracts based on the value at risk, user base, and deployment environment.
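The impact and likelihood assessment described above can be sketched as a small triage routine. This is an added example, not part of the original page or any auditor's methodology. The three-level rating scale, the High and Medium cells of the matrix, the finding ids, the component names and the two-finding grouping threshold are all assumptions.

```python
from collections import defaultdict

# Assumed three-level scale for both axes.
RATING = {"low": 1, "medium": 2, "high": 3}

def severity(impact, likelihood):
    """Map impact and likelihood ratings to a severity label."""
    i, l = RATING[impact], RATING[likelihood]
    if min(i, l) == 1:
        return "Low"        # minimal impact or very low likelihood
    if i == 3 and l == 3:
        return "Critical"   # high impact and high likelihood
    if i + l == 5:
        return "High"       # assumed cell: one axis high, the other medium
    return "Medium"         # assumed cell: medium on both axes

def triage(findings):
    """Return (findings with severity added, components needing combined review)."""
    rated = [dict(f, severity=severity(f["impact"], f["likelihood"]))
             for f in findings]
    by_component = defaultdict(list)
    for f in rated:
        if f["severity"] in ("Low", "Medium"):
            by_component[f["component"]].append(f["id"])
    # Lower-severity findings in the same component may compound, so they
    # are listed for review together rather than dismissed one by one.
    combined = {c: ids for c, ids in by_component.items() if len(ids) >= 2}
    return rated, combined

# Constructed sample findings (hypothetical ids and component names).
FINDINGS = [
    {"id": "F-1", "component": "Vault.withdraw", "impact": "high", "likelihood": "high"},
    {"id": "F-2", "component": "Vault.withdraw", "impact": "medium", "likelihood": "medium"},
    {"id": "F-3", "component": "Vault.withdraw", "impact": "high", "likelihood": "low"},
    {"id": "F-4", "component": "Oracle.update", "impact": "high", "likelihood": "medium"},
    # Same issue class as F-4, rated in a contract with little value at risk.
    {"id": "F-5", "component": "TestFaucet.drip", "impact": "low", "likelihood": "medium"},
]

if __name__ == "__main__":
    rated, combined = triage(FINDINGS)
    for f in rated:
        print(f["id"], f["component"], f["severity"])
    print("review together:", combined)
```

F-4 and F-5 show context-dependent severity: the same issue class is rated High in one contract and Low in another because the impact input differs.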
Scope & Responsibility Boundary Disclaimer
This analysis explains general severity classification principles but does not provide specific guidance on how to classify findings in any particular audit or contract assessment.