Problem with severity & standardisation
In my current smart contract auditing, I sometimes need help setting proper severity as it is more challenging than I remember from Web2 bug bounty or pentesting. In Web2, we have primarily standardised issues such as XSS, CSRF, SSRF, SQLi, and IDORs. We can easily use the CVSS calculator or Bugcrowd VRT to set severity.…