Understanding Results

This guide helps you interpret scan results and take action on findings.

Results Overview

After a scan completes, the results page shows:

Summary Section - Quick overview of all findings
Findings List - Detailed list of vulnerabilities
Scanner Status - Which scanners ran and their status
Export Options - Download results in various formats

The Summary Section

The summary provides at-a-glance metrics:

Severity Breakdown

Critical: 1  |  High: 3  |  Medium: 5  |  Low: 12

Each severity level indicates urgency:

Severity	Urgency	Examples
Critical	Fix immediately	Reentrancy, arbitrary call, access bypass
High	Fix before deployment	Unchecked return, overflow, flash loan risk
Medium	Plan to address	Missing events, centralization, gas issues
Low	Consider addressing	Code style, naming, unused variables

Scan Statistics

Contract size: Lines of code analyzed
Scan duration: Time to complete
Scanners run: Number of scanners used
Unique findings: After deduplication

Reading Individual Findings

Each finding contains several sections:

Title and Severity

The title describes the vulnerability type:

"Reentrancy vulnerability in withdraw()"
"Unchecked return value from transfer()"
"Missing access control on admin function"

Severity is color-coded for quick recognition.

Location

Shows where the issue is in your code:

File: Contract file name
Line: Specific line number(s)
Function: Which function is affected

Description

Explains the vulnerability:

What the issue is
Why it's a problem
How it could be exploited

Code Snippet

Shows the relevant source code with the vulnerable line highlighted:

42  function withdraw(uint amount) external {
43      require(balances[msg.sender] >= amount);
44 →    (bool success, ) = msg.sender.call{value: amount}("");  // Vulnerable
45      require(success);
46      balances[msg.sender] -= amount;  // State change after external call
47  }

Recommendation

Provides guidance on how to fix:

Apply the checks-effects-interactions pattern:
1. Check conditions (require statements)
2. Update state (balances)
3. Make external calls last

Consider using ReentrancyGuard from OpenZeppelin.

Scanner Source

Indicates which scanner found this issue:

Scanner name (e.g., Slither, Aderyn)
Detector ID (e.g., reentrancy-eth)
Confidence level (High, Medium, Low)

Severity Levels Explained

Critical

What it means: The contract can be exploited with high impact.

Characteristics:

Direct loss of funds possible
Access control can be bypassed
Contract can be permanently broken

Examples:

Reentrancy allowing fund drainage
Anyone can call admin functions
Arbitrary code execution

Action: Fix before any deployment or testing with real value.

High

What it means: Significant security risk that needs attention.

Characteristics:

Potential for fund loss under specific conditions
Logic bugs that break core functionality
Missing critical validations

Examples:

Unchecked external call return values
Integer overflow in balance calculations
Flash loan attack vectors

Action: Fix in current development cycle before deployment.

Medium

What it means: Issues that should be addressed but aren't immediately exploitable.

Characteristics:

May lead to unexpected behavior
Centralization risks
Missing best practices

Examples:

Missing event emissions
Single admin key risks
Floating pragma versions
DoS possibilities under edge cases

Action: Plan to address, document if accepting risk.

Low

What it means: Minor issues, code quality, or informational findings.

Characteristics:

No direct security impact
Code style improvements
Gas optimizations
Documentation gaps

Examples:

Variable naming conventions
Unused variables or imports
Suboptimal gas patterns
Missing NatSpec comments

Action: Address during code cleanup, low priority.

Multi-Scanner Results

BlockSecOps runs multiple scanners and intelligently combines results.

Deduplication

When multiple scanners find the same issue:

Findings are grouped together
You see one entry, not duplicates
Scanner sources are listed
Best description is selected

Why Multiple Scanners?

Different scanners find different things:

Scanner Type	Finds	Misses
Static Analysis	Known patterns, fast	Novel attacks
Fuzzing	Edge cases, runtime bugs	Needs test harness
Symbolic Execution	Mathematical proofs	Complex contracts
Linting	Code quality	Security issues

By combining scanners, you get comprehensive coverage.

Confidence Levels

Findings include confidence indicators:

High Confidence: Very likely a real issue
Medium Confidence: Probably an issue, verify
Low Confidence: Possible false positive, investigate

Managing Findings

Status Options

Update finding status as you work:

Status	Meaning
Open	New finding, not yet reviewed
Acknowledged	Reviewed, will address
Fixed	Issue has been resolved
False Positive	Not actually a vulnerability
Won't Fix	Accepted risk, documented reason

Adding Notes

Add comments to findings:

Document your analysis
Note why something is a false positive
Track fix progress
Communicate with team

Assignments

Assign findings to team members:

Owner responsible for fix
Due dates for tracking
Email notifications

Exporting Results

PDF Report

Professional report for sharing:

Executive summary
Detailed findings
Code snippets
Recommendations

Ideal for: Auditors, management, documentation

JSON Export

Machine-readable format:

All finding data
Metadata included
Easy to process

Ideal for: CI/CD integration, custom tooling

SARIF Format

Standard format for security tools:

Import into GitHub Security
VS Code SARIF Viewer
Other security platforms

Common Patterns

True Positives

Signs a finding is real:

Matches known vulnerability patterns
Logic clearly incorrect
Confirmed by multiple scanners

False Positives

Signs to investigate further:

Context makes it safe (e.g., admin-only function)
Scanner doesn't understand full logic
Protected by other mechanisms

What to Do About False Positives

Verify - Confirm it's truly safe
Document - Note why it's a false positive
Mark - Set status to "False Positive"
Consider - Could code be clearer?

Next Steps

Managing Findings - Triage workflow
False Positives - Identifying false positives
Exporting Reports - Download options
Next Steps - Where to go from here