Risk Matrix

Framework

To assess the severity of a risk, LazyOtter uses a risk matrix that gauges the likelihood of a detected threat turning into an actual damaging event. The likelihood is divided into four levels (Improbable, Remote, Probable, and Frequent), and it directly affects the importance of the alert.

Let's take an 'Anomaly gas' alert as an example. This alert signifies an unusual amount of gas being used in a transaction. While this can be a warning sign, it doesn't always indicate a threat. High gas usage can be due to various reasons such as arbitrage opportunities or network congestion. Given the diverse reasons for an anomaly in gas usage, the Likelihood rating for this alert would be 'Improbable,' leading to a 'Low' severity rating.

On the other hand, an 'Asset drained' alert is a clear sign of potential danger. This alert is triggered when a significant portion of a contract's funds is withdrawn in a short period. Under normal circumstances, such drastic asset drainage would not occur without a good reason, and it's often a strong indicator of an attack. Therefore, the Likelihood rating for an 'Asset drained' alert is higher, likely falling under 'Probable' or even 'Frequent,' resulting in a higher severity rating.

Bot detector list

| Name | Type | Likelihood | Importance |
| --- | --- | --- | --- |
| Anomaly gas | Anomaly transactions | Improbable: 1 | Low |
| Large volume | Anomaly transactions | Improbable: 1 | Low |
| Asset drained | Anomaly transactions | Frequent: 4 | High |
| Reentrancy | Anomaly transactions | Frequent: 4 | High |
| Text messaging | Anomaly transactions | Improbable: 1 | Low |
| High value transaction | Anomaly transactions | Improbable: 1 | Low |
| Flashloan | Anomaly transactions | Remote: 2 | Medium |
| Liquidation (Lending protocols exclusive) | Anomaly transactions | Remote: 2 | Medium |
| Contract upgrade | Operation | Probable: 3 | Medium |
| Parameter change | Operation | Probable: 3 | Medium |
| Admin changes | Operation | Probable: 3 | Medium |
| Pause control | Operation | Improbable: 1 | Low |
| Abnormal price changes | Market | Remote: 2 | Medium |
| Tornado cash interaction | Malicious address | Remote: 2 | Medium |
| Sanctioned addresses | Malicious address | Remote: 2 | Medium |
