Attack Vector (MAV)

This metric reflects the context by which vulnerability exploitation is possible. The Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component.

In terms of applicability to Web3 threats, most of them will be exploitable remotely (network), e.g. in case of smart contract vulnerabilities.

There are examples of off-chain parts like nodes and oracles that may have vulnerabilities that are exploitable only in more restricted network environments, e.g., if the illicit actor has access to the local network.