- True positive: Found by query and is an actual vulnerability
- False positive: Found by query but is not an actual vulnerability
- True negative: Not found by query but is an actual vulnerability
- Not in an ABCI path (e.g. present in test or simulation packages)
- Never used (e.g. a function that is never called)
- Not what query author intended (query too broad)
- Does not perform deterministic-dependent actions (e.g. cloning a map in range over map, or goroutines with only prints)
- Protobuf (or other auto generated) files should be ignored
- Genesis related code can be ignored?
- Bech32 constant is later passed to the config
- Int is a small constant value which does not affect architectures
- The code is not understood well enough to make a decision
- Unsure whether the result can be nondeterministic
- BeginEndBlock Panic
- Map Iteration
- Bech32
- Goroutine
- Floating Point
- System time
- Sensitive Import
- Platform Dependent types