# Risk Matrix

### Framework

In assessing the severity of a risk, LazyOtter employs a Risk matrix, which gauges the likelihood of a detected threat turning into an actual damaging event. The likelihood is divided into four levels: Improbable, Remote, Probable, and Frequent and it directly affects the importance of the alert.

Let's take an 'Anomaly gas' alert as an example. This alert signifies an unusual amount of gas being used in a transaction. While this can be a warning sign, it doesn't always indicate a threat. High gas usage can be due to various reasons such as arbitrage opportunities or network congestion. Given the diverse reasons for an anomaly in gas usage, the Likelihood rating for this alert would be 'Improbable,' leading to a 'Low' severity rating.

On the other hand, an 'Asset drained' alert is a clear sign of potential danger. This alert is triggered when a significant portion of a contract's funds are withdrawn in a short period. Under normal circumstances, such drastic asset drainage would not occur without a good reason, and it's often a strong indicator of an attack. Therefore, the Likelihood rating for an 'Asset drained' alert is higher, likely falling under 'Probable' or even 'Frequent,' resulting in a higher severity rating.

### Bot detector list

<table><thead><tr><th width="246.33333333333337">Name</th><th width="203">Type</th><th width="145">Likelihood</th><th>Importance</th></tr></thead><tbody><tr><td>Anomaly gas</td><td>Anomaly transactions</td><td>Improbable: 1</td><td><mark style="background-color:green;">Low</mark></td></tr><tr><td>Large volume</td><td>Anomaly transactions</td><td>Improbable: 1</td><td><mark style="background-color:green;">Low</mark></td></tr><tr><td>Asset drained</td><td>Anomaly transactions</td><td>Frequent: 4</td><td><mark style="background-color:red;">High</mark></td></tr><tr><td>Reentrancy</td><td>Anomaly transactions</td><td>Frequent: 4</td><td><mark style="background-color:red;">High</mark></td></tr><tr><td>Text messaging</td><td>Anomaly transactions</td><td>Improbable: 1</td><td><mark style="background-color:green;">Low</mark></td></tr><tr><td>High value transaction</td><td>Anomaly transactions</td><td>Improbable: 1</td><td><mark style="background-color:green;">Low</mark></td></tr><tr><td>Flashloan</td><td>Anomaly transactions</td><td>Remote: 2</td><td><mark style="background-color:orange;">Medium</mark></td></tr><tr><td>Liquidation (Lending protocols exclusive)</td><td>Anomaly transactions</td><td>Remote: 2</td><td><mark style="background-color:orange;">Medium</mark></td></tr><tr><td>Contract upgrade</td><td>Operation</td><td>Probable: 3</td><td><mark style="background-color:orange;">Medium</mark></td></tr><tr><td>Parameter change</td><td>Operation</td><td>Probable: 3</td><td><mark style="background-color:orange;">Medium</mark></td></tr><tr><td>Admin changes</td><td>Operation</td><td>Probable: 3</td><td><mark style="background-color:orange;">Medium</mark></td></tr><tr><td>Pause control</td><td>Operation</td><td>Improbable: 1</td><td><mark style="background-color:green;">Low</mark></td></tr><tr><td>Abnormal price changes</td><td>Market</td><td>Remote: 2</td><td><mark style="background-color:orange;">Medium</mark></td></tr><tr><td>Tornado cash interaction</td><td>Malicious address</td><td>Remote: 2</td><td><mark style="background-color:orange;">Medium</mark></td></tr><tr><td>Sanctioned addresses</td><td>Malicious address</td><td>Remote: 2</td><td><mark style="background-color:orange;">Medium</mark></td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://lazyotter.gitbook.io/lazyotter/products/risk-monitoring-and-alerts/risk-matrix.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.