SCSVS-ARCH-3
S1.3 Threat Modeling
Control Objective
Identify, assess, and mitigate security threats for smart contract systems by implementing a thorough threat modeling process, ensuring that risks are minimized and protections are in place for critical contract features.
Security Verification Requirements
S1.3.A Identifying Threats
SCSVS VR ID Requirement
L1
L2
L3
SWE
S1.3.A1
Verify that potential threats are identified and documented.
✓
✓
✓
S1.3.A2
Ensure that the threat identification process includes input from security experts.
✓
✓
S1.3.A3
Check that threats are categorized based on their impact and likelihood.
✓
✓
S1.3.A4
Implement protections against front-running in governor proposal creation to prevent attackers from blocking proposals or gaining undue advantages.
✓
S1.3.B Assessing Risks
SCSVS VR ID Requirement
L1
L2
L3
SWE
S1.3.B1
Verify that risk assessments are performed for identified threats.
✓
✓
S1.3.B2
Ensure that risks are prioritized based on their potential impact and likelihood.
✓
✓
S1.3.B3
Check that risk assessment results are documented and reviewed.
✓
✓
S1.3.C Implementing Mitigations
SCSVS VR ID Requirement
L1
L2
L3
SWE
S1.3.C1
Verify that mitigations are implemented for high-priority risks.
✓
✓
S1.3.C2
Ensure that mitigation strategies are documented and tested.
✓
✓
S1.3.C3
Check that the effectiveness of implemented mitigations is reviewed and validated.
✓
✓