Findings in the audit represent the result of the audit process where there is a detailed output of the Auditor’s analysis and tests. In the findings, we often find an assessment of the quality of the code, quality and clarity of the documentation, or the issues found.
In Ackee Blockchain, audit issues are divided into different categories: informational, warning, low, medium, high and critical.
- Informational issues are on the border-line between code quality and security and these kinds of issues can be security-related if code or configuration is changed
- Warning issues cannot be exploited given the audited code and/or configuration, but could be a security vulnerability if code changes
- Low severity issues are more comments and recommendations rather than security issues.
- Medium severity issues aren’t security vulnerabilities but should be clarified or fixed.
- High severity issues are security vulnerabilities, which require specific steps and conditions to be exploited. These issues have to be fixed.
- Critical severity issues are security threats, which could be instantly misused to attack the system. These issues have to be fixed.