We’ll categorize your security issues according to the following levels:

1. Undetermined: **The extent of the risk was not determined during this engagement.
2. Informational: **The issue does not pose an immediate risk, but is relevant to security best practices or Defense in Depth.
3. Low: **The risk is relatively small or is not a risk the customer will be impacted.
4. Medium: **Individual user’s information is at risk, exploitation would be bad for client’s reputation, moderate financial impact, possible legal implications for client.
5. High: **Large numbers of users, very bad for client’s reputation, or serious legal or financial implications.

The pricing for each level is as:

Example scenario

Let’s say you opted for a security audit (but not the gas audit) in the Full Technical Audit. We’ll initiate a scalability analysis in parallel with the security audit.

Assume we uncovered 3 Low, 4 Medium, and 1 High, vulnerability in your smart contract during the security audit. However, 2 of the Low vulnerabilities were also discovered during the scalability analysis. In this case, your billing will be as follows: