Vulnerability Categories
Odin Scan classifies findings using a structured system of severity levels, confidence levels, and vulnerability categories. Each finding includes actionable information to help developers understand and remediate the issue.
Severity Levels
| Severity | Description |
|---|---|
| Critical | Exploitable vulnerabilities that can lead to direct loss of funds, total contract takeover, or irreversible damage. Requires immediate attention. |
| High | Significant vulnerabilities that can lead to partial fund loss, unauthorized privilege escalation, or major contract malfunction under specific conditions. |
| Medium | Issues that could lead to unexpected behavior, minor fund risk, or contract malfunction under unlikely but possible conditions. |
| Low | Code quality issues, minor inefficiencies, or patterns that deviate from best practices but pose limited direct risk. |
| Informational | Observations, suggestions, and style issues with no direct security impact. Includes findings demoted by the severity adjustment stage. |
Confidence Levels
Each finding carries a confidence level that reflects how certain Odin Scan is about the reported vulnerability:
| Confidence | Description |
|---|---|
| High | Finding confirmed by multiple sources (cross-agent agreement or static analysis match). High likelihood of being a true positive. |
| Medium | Finding reported by at least one AI agent with supporting evidence in the code. Likely a true positive but warrants manual review. |
| Low | Finding reported by a single source with limited supporting evidence. May be a false positive – review recommended. |
Confidence is boosted automatically when multiple independent analyzers flag the same issue. See Multi-Agent AI for details on the confidence boosting mechanism.
Vulnerability Categories
Odin Scan uses the following categories to classify findings:
Reentrancy
External calls that allow re-entering the contract before state updates are completed. Applies to EVM (cross-function and cross-contract reentrancy) and CosmWasm (via submessage replies).
Integer Overflow
Arithmetic operations that exceed the maximum or minimum value of their type. Relevant to Solidity before 0.8.0 (and to `unchecked { }` blocks in later versions), and to Rust code that uses wrapping or unchecked operations or is built with overflow checks disabled, where arithmetic wraps silently instead of panicking.
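The following is an added illustration, not code from Odin Scan or from any audited project: a toy Rust token ledger with a transfer written two ways. The wrapping version is the pattern this category flags (the Rust analogue of pre-0.8 Solidity arithmetic or an `unchecked { }` block); the checked version is the remediation. Account names, balances and the `LedgerError` type are constructed for the example.

```rust
// Added example (not Odin Scan's or any audited project's code): a toy token
// ledger that shows the unchecked-arithmetic pattern flagged under Integer
// Overflow next to its checked form. Account names and balances are constructed.
use std::collections::HashMap;

#[derive(Debug, PartialEq, Eq)]
pub enum LedgerError {
    UnknownAccount,
    InsufficientFunds,
    Overflow,
}

pub type Ledger = HashMap<&'static str, u64>;

/// Constructed sample state: a funded treasury and an attacker with nothing.
pub fn sample_ledger() -> Ledger {
    let mut ledger = Ledger::new();
    ledger.insert("treasury", 1_000);
    ledger.insert("attacker", 0);
    ledger
}

pub fn balance(ledger: &Ledger, who: &str) -> u64 {
    *ledger.get(who).unwrap_or(&0)
}

/// VULNERABLE: wrapping arithmetic never fails, so sending more than you hold
/// underflows the sender to u64::MAX, and crediting a near-full balance wraps
/// it back to a small number. No balance check is performed at all.
pub fn transfer_wrapping(
    ledger: &mut Ledger,
    from: &'static str,
    to: &'static str,
    amount: u64,
) -> Result<(), LedgerError> {
    let from_bal = *ledger.get(from).ok_or(LedgerError::UnknownAccount)?;
    let to_bal = *ledger.get(to).ok_or(LedgerError::UnknownAccount)?;
    ledger.insert(from, from_bal.wrapping_sub(amount));
    ledger.insert(to, to_bal.wrapping_add(amount));
    Ok(())
}

/// HARDENED: checked arithmetic turns underflow and overflow into errors, and
/// both new balances are computed before either is written, so a failed
/// transfer leaves the ledger untouched.
pub fn transfer_checked(
    ledger: &mut Ledger,
    from: &'static str,
    to: &'static str,
    amount: u64,
) -> Result<(), LedgerError> {
    let from_bal = *ledger.get(from).ok_or(LedgerError::UnknownAccount)?;
    let to_bal = *ledger.get(to).ok_or(LedgerError::UnknownAccount)?;
    let new_from = from_bal.checked_sub(amount).ok_or(LedgerError::InsufficientFunds)?;
    let new_to = to_bal.checked_add(amount).ok_or(LedgerError::Overflow)?;
    ledger.insert(from, new_from);
    ledger.insert(to, new_to);
    Ok(())
}

fn main() {
    // Underflow: the attacker "sends" 1 token it does not have.
    let mut ledger = sample_ledger();
    transfer_wrapping(&mut ledger, "attacker", "treasury", 1).unwrap();
    println!("wrapping: attacker now holds {}", balance(&ledger, "attacker"));

    let mut ledger = sample_ledger();
    let res = transfer_checked(&mut ledger, "attacker", "treasury", 1);
    println!("checked: {:?}, attacker holds {}", res, balance(&ledger, "attacker"));

    // Overflow: crediting a balance that is already near u64::MAX.
    let mut ledger = sample_ledger();
    ledger.insert("attacker", u64::MAX - 5);
    transfer_wrapping(&mut ledger, "treasury", "attacker", 10).unwrap();
    println!("wrapping: attacker now holds {}", balance(&ledger, "attacker"));
}
```

The second point the hardened version makes is ordering: both results are computed before any write, so a rejected transfer cannot leave one side of the ledger updated, which is the State Management failure mode that often accompanies an overflow fix done in place.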
Access Control
Missing or insufficient authorization checks on privileged operations. Includes admin functions without ownership verification, missing signer checks on Solana, and unprotected entry points in CosmWasm.
State Management
Incorrect handling of contract state: reading stale data, writing state in the wrong order, failing to persist storage changes, or introducing race conditions between state transitions.
Input Validation
Insufficient validation of external inputs including function parameters, message fields, and account data. Covers missing bounds checks, type confusion, and unvalidated addresses.
Logic Errors
Flaws in business logic that cause the contract to behave contrary to its intended design. Includes incorrect fee calculations, broken invariants, and flawed conditional logic.
Gas Optimization
Patterns that waste computational resources. Includes unbounded loops, redundant storage operations, and inefficient data structures. Classified as Low or Informational severity.
Denial of Service (DoS)
Patterns that allow an attacker to make the contract unusable. Includes griefing vectors, unbounded iteration over user-controlled data, and blocking withdrawal patterns.
Information Disclosure
Unintended exposure of sensitive data through events, return values, or predictable state. Includes leaking private data in public transaction logs.
Timestamp Dependence
Reliance on block timestamps for security-critical logic. Timestamps can be manipulated by validators within certain bounds, making them unreliable for randomness or precise time checks.
Finding Structure
Each finding reported by Odin Scan includes the following fields:
| Field | Description |
|---|---|
| Title | Short description of the vulnerability |
| Description | Detailed explanation of the issue, how it can be exploited, and why it matters |
| Severity | Critical, High, Medium, Low, or Informational |
| Confidence | High, Medium, or Low |
| Category | One of the categories listed above |
| Location | File path and line number(s) where the vulnerability exists |
| Remediation | Recommended fix with code guidance |
| PoC | Proof-of-concept code demonstrating the exploit (when available) |
False Positive Reduction
Odin Scan applies multiple layers to reduce false positives before findings reach the final report:
- Verification – AI-generated findings are cross-checked against the source code to confirm that the vulnerability is present and reachable.
- Severity Adjustment – Repository context (audit history, compiler version, trust model) is used to adjust findings that may not be applicable to the specific project environment. Findings below the configured threshold are reclassified as Informational.
The combination of these layers means the findings that appear in the final report have passed through multiple validation steps and are more likely to represent genuine issues.
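To make the confidence boosting from the Confidence Levels section and the severity-adjustment step above concrete, here is an added Rust model of that part of the pipeline. It is illustrative code, not Odin Scan's implementation: the specific rules (reports from two or more distinct sources at the same category and location are boosted to High confidence; findings strictly below the threshold are reclassified as Informational rather than dropped) and the sample findings are assumptions made for the example.

```rust
// Added example (not Odin Scan's own code): a toy model of the confidence
// boosting and severity adjustment described on this page. The exact rules
// (two agreeing sources => High confidence; findings under the threshold =>
// Informational) are assumptions for illustration; the findings are constructed.
use std::collections::BTreeMap;

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Severity { Informational, Low, Medium, High, Critical }

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Confidence { Low, Medium, High }

/// One report from one analyzer (an AI agent or the static analyzer).
#[derive(Debug, Clone)]
pub struct RawFinding {
    pub source: &'static str,
    pub category: &'static str,
    pub file: &'static str,
    pub line: u32,
    pub severity: Severity,
    pub confidence: Confidence,
}

/// A merged finding as it would appear in the report.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding {
    pub category: &'static str,
    pub file: &'static str,
    pub line: u32,
    pub severity: Severity,
    pub confidence: Confidence,
    pub sources: Vec<&'static str>,
}

/// Group raw reports by (category, file, line). A single source keeps the
/// confidence it reported; two or more distinct sources agreeing on the same
/// issue boost it to High. Severity is the highest any source reported.
pub fn merge_findings(raw: &[RawFinding]) -> Vec<Finding> {
    let mut groups: BTreeMap<(&'static str, &'static str, u32), Finding> = BTreeMap::new();
    for r in raw {
        let f = groups.entry((r.category, r.file, r.line)).or_insert_with(|| Finding {
            category: r.category, file: r.file, line: r.line,
            severity: r.severity, confidence: r.confidence, sources: Vec::new(),
        });
        if !f.sources.contains(&r.source) {
            f.sources.push(r.source);
        }
        f.severity = f.severity.max(r.severity);
        f.confidence = f.confidence.max(r.confidence);
    }
    groups.into_values().map(|mut f| {
        if f.sources.len() >= 2 { f.confidence = Confidence::High; }
        f
    }).collect()
}

/// Severity adjustment stage: findings strictly below the configured threshold
/// are kept but reclassified as Informational rather than dropped.
pub fn apply_threshold(findings: Vec<Finding>, threshold: Severity) -> Vec<Finding> {
    findings.into_iter().map(|mut f| {
        if f.severity < threshold { f.severity = Severity::Informational; }
        f
    }).collect()
}

/// Constructed sample: the same reentrancy issue reported by an AI agent and
/// the static analyzer, plus two single-source findings.
pub fn sample_raw() -> Vec<RawFinding> {
    vec![
        RawFinding { source: "agent_a", category: "Reentrancy", file: "contracts/Vault.sol", line: 42, severity: Severity::High, confidence: Confidence::Medium },
        RawFinding { source: "static", category: "Reentrancy", file: "contracts/Vault.sol", line: 42, severity: Severity::High, confidence: Confidence::Medium },
        RawFinding { source: "agent_b", category: "Gas Optimization", file: "contracts/Vault.sol", line: 88, severity: Severity::Low, confidence: Confidence::Low },
        RawFinding { source: "agent_a", category: "Access Control", file: "programs/vault/src/lib.rs", line: 17, severity: Severity::Critical, confidence: Confidence::Medium },
    ]
}

fn main() {
    let report = apply_threshold(merge_findings(&sample_raw()), Severity::Medium);
    for f in &report {
        println!("{:?}/{:?} {} at {}:{} (sources: {:?})",
            f.severity, f.confidence, f.category, f.file, f.line, f.sources);
    }
}
```

Keying on category plus location is the weakest part of such a model: two analyzers that describe the same bug at different lines would not merge, which is one reason a real verification step re-reads the source rather than relying on report metadata alone.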