SCSVS-ARCH-3
S1.3 Threat Modeling
Control Objective
Identify, assess, and mitigate security threats for smart contract systems by implementing a thorough threat modeling process, ensuring that risks are minimized and protections are in place for critical contract features.
Security Verification Requirements
S1.3.A Identifying Threats
| SCSVS VR ID | Requirement | L1 | L2 | L3 | SWE |
| --- | --- | --- | --- | --- | --- |
| S1.3.A1 | Verify that potential threats are identified and documented. | ✓ | ✓ | ✓ | |
| S1.3.A2 | Ensure that the threat identification process includes input from security experts. | | ✓ | ✓ | |
| S1.3.A3 | Check that threats are categorized based on their impact and likelihood. | | ✓ | ✓ | |
| S1.3.A4 | Implement protections against front-running in governor proposal creation to prevent attackers from blocking proposals or gaining undue advantages. | | | ✓ | |
S1.3.B Assessing Risks
| SCSVS VR ID | Requirement | L1 | L2 | L3 | SWE |
| --- | --- | --- | --- | --- | --- |
| S1.3.B1 | Verify that risk assessments are performed for identified threats. | | ✓ | ✓ | |
| S1.3.B2 | Ensure that risks are prioritized based on their potential impact and likelihood. | | ✓ | ✓ | |
| S1.3.B3 | Check that risk assessment results are documented and reviewed. | | ✓ | ✓ | |
S1.3.C Implementing Mitigations
| SCSVS VR ID | Requirement | L1 | L2 | L3 | SWE |
| --- | --- | --- | --- | --- | --- |
| S1.3.C1 | Verify that mitigations are implemented for high-priority risks. | | ✓ | ✓ | |
| S1.3.C2 | Ensure that mitigation strategies are documented and tested. | | ✓ | ✓ | |
| S1.3.C3 | Check that the effectiveness of implemented mitigations is reviewed and validated. | | ✓ | ✓ | |