impact
The dimensions the interaction defines — value exit, accounting, authorization, liquidation, oracle, external call, periphery, connector, share/fee, lifecycle, cross-contract — each add points.
Interaction matrix (v6)
The bugs that live between two functions.
A single function can be fully tested and still combine dangerously with another: a
value-exit that also makes an external call, a liquidation that depends on an oracle, a
signed claim that relies on a nonce. arkheionx interaction-matrix surfaces
these combinations and scores how much review attention each deserves. An interaction
candidate is not a vulnerability.
The score
Nothing is hidden.
interaction_priority = impact + review_gap + complexity
85+ very-high
65-84 high
40-64 medium
below 40 monitorreview gap
The weakest constituent evidence drives the gap: no evidence adds the most, strong evidence adds nothing.
complexity
Cross-contract, external call, periphery, lifecycle, signature/Merkle, oracle/accounting, and loop/batch each add points.
Run it
Find the combinations that lack tests.
arkheionx interaction-matrix .
arkheionx interaction-matrix . --json
arkheionx interaction-matrix . --out .arkheionx/interaction-matrix
arkheionx interaction-matrix . --only-unresolvedBoundary
A review order, not a severity.
Interaction priority is a heuristic review order. It is never a severity or an
exploitability estimate. An interaction candidate is a review prompt, not a finding.
ArkheionX does not confirm vulnerabilities. Human review is required. See
docs/INTERACTION_MATRIX.md.