| Rationalization | Why It's Wrong | Required Action |
|---|---|---|
| "Found some issues, assessment complete" | An assessment covers all 9 categories, not just the ones where something turned up | Complete the assessment for all 9 categories, with evidence for each |
| "I see events emitted, so the auditing category looks good" | Emitting events is not the same as auditing maturity | Check logging comprehensiveness, test coverage, and incident-response processes |
| "The code looks simple, so complexity is low" | Visual simplicity hides composition complexity (interacting contracts, dependencies, state) | Analyze cyclomatic complexity, dependency depth, and state-machine transitions |
| "Not a DeFi protocol, so the MEV category doesn't apply" | MEV extends beyond DeFi: governance votes, NFT mints, on-chain games | Perform a transaction-ordering analysis before declaring the category N/A |
| "No assembly found, so the low-level category is N/A" | Low-level risk includes external calls, delegatecall, and inline assembly, not assembly alone | Search for every low-level pattern before skipping the category |
| "This is taking too long" | A thorough assessment needs time per category | Complete all 9 categories and ask clarifying questions about off-chain processes |
| "I can rate this without evidence" | A rating without file:line references is an unsubstantiated claim | Collect concrete code evidence for every category rating |
| "The user will know what to improve" | Vague guidance produces no action | Provide a priority-ordered roadmap with specific improvements and effort estimates |
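The "no assembly found" and "rate without evidence" rows both come down to the same discipline: search the whole code base for every low-level pattern and record each hit as a file:line reference before deciding whether the category applies. The following is an added example, not code from the original page or from any project it describes; it scans a constructed, hypothetical pair of Solidity files (`contracts/Vault.sol`, `contracts/Token.sol`) for delegatecall, low-level `.call`/`.staticcall`, inline assembly and `selfdestruct`, and refuses to mark the low-level category N/A while any evidence exists.

```python
"""Added example: collect file:line evidence for low-level Solidity patterns
before an assessor is allowed to mark the low-level category as N/A.
Not part of the original page; the sample contracts are constructed."""
import re
from dataclasses import dataclass

# Constructed sample sources (hypothetical paths and contracts, not a real project).
SAMPLE_SOURCES = {
    "contracts/Vault.sol": """\
pragma solidity ^0.8.20;

contract Vault {
    address public impl;

    function withdraw(address payable to, uint256 amt) external {
        (bool ok, ) = to.call{value: amt}("");
        require(ok, "transfer failed");
    }

    fallback() external payable {
        (bool ok, ) = impl.delegatecall(msg.data);
        require(ok);
    }

    function chainId() external view returns (uint256 id) {
        assembly {
            id := chainid()
        }
    }
}
""",
    "contracts/Token.sol": """\
pragma solidity ^0.8.20;

contract Token {
    mapping(address => uint256) public balanceOf;

    function transfer(address to, uint256 amt) external returns (bool) {
        balanceOf[msg.sender] -= amt;
        balanceOf[to] += amt;
        return true;
    }
}
""",
}

# Each pattern names one low-level risk the category covers. The `.call`
# regex requires a literal ".call" so it does not double-count
# ".delegatecall(" or ".staticcall(".
LOW_LEVEL_PATTERNS = {
    "delegatecall": re.compile(r"\.delegatecall\s*\("),
    "low-level call": re.compile(r"\.call\s*(\{[^}]*\})?\s*\("),
    "staticcall": re.compile(r"\.staticcall\s*\("),
    "inline assembly": re.compile(r'\bassembly\s*(\("memory-safe"\)\s*)?\{'),
    "selfdestruct": re.compile(r"\bselfdestruct\s*\("),
}


@dataclass(frozen=True)
class Evidence:
    """One concrete finding: the file:line reference an assessor must cite."""
    path: str
    line: int
    pattern: str
    snippet: str

    def ref(self) -> str:
        return f"{self.path}:{self.line}"


def scan_sources(sources: dict[str, str]) -> list[Evidence]:
    """Walk every file and every line; skip pure comment lines; record each hit."""
    hits: list[Evidence] = []
    for path, text in sources.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            stripped = line.strip()
            if stripped.startswith("//"):
                continue  # a commented-out call is not live code
            for name, rx in LOW_LEVEL_PATTERNS.items():
                if rx.search(line):
                    hits.append(Evidence(path, lineno, name, stripped))
    return hits


def low_level_category_applies(sources: dict[str, str]) -> bool:
    """The category may only be marked N/A when the scan returns no evidence."""
    return len(scan_sources(sources)) > 0


def evidence_report(sources: dict[str, str]) -> list[str]:
    """Lines suitable for pasting into the assessment as substantiation."""
    return [f"{e.ref()}  [{e.pattern}]  {e.snippet}" for e in scan_sources(sources)]


if __name__ == "__main__":
    for line in evidence_report(SAMPLE_SOURCES):
        print(line)
    print("low-level category applies:", low_level_category_applies(SAMPLE_SOURCES))
```

On the constructed input the scan finds three hits in `Vault.sol` (the ETH transfer via `.call`, the proxy `delegatecall`, and the `assembly` block) and none in `Token.sol`, so the category applies even though a reader skimming only `Token.sol` would have called it N/A. The regexes are deliberately simple line matchers; for a real engagement the same evidence should be confirmed against the compiler's AST so that multi-line expressions and string literals are not misclassified.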