Skip to content

SCSVS-ARCH-3

S1.3 Threat Modeling

Control Objective

Identify, assess, and mitigate security threats for smart contract systems by implementing a thorough threat modeling process, ensuring that risks are minimized and protections are in place for critical contract features.

Security Verification Requirements

S1.3.A Identifying Threats

SCSVS VR ID Requirement L1 L2 L3 SWE
S1.3.A1 Verify that potential threats are identified and documented. ✓ ✓ ✓
S1.3.A2 Ensure that the threat identification process includes input from security experts. ✓ ✓
S1.3.A3 Check that threats are categorized based on their impact and likelihood. ✓ ✓
S1.3.A4 Implement protections against front-running in governor proposal creation to prevent attackers from blocking proposals or gaining undue advantages. ✓

S1.3.B Assessing Risks

SCSVS VR ID Requirement L1 L2 L3 SWE
S1.3.B1 Verify that risk assessments are performed for identified threats. ✓ ✓
S1.3.B2 Ensure that risks are prioritized based on their potential impact and likelihood. ✓ ✓
S1.3.B3 Check that risk assessment results are documented and reviewed. ✓ ✓

S1.3.C Implementing Mitigations

SCSVS VR ID Requirement L1 L2 L3 SWE
S1.3.C1 Verify that mitigations are implemented for high-priority risks. ✓ ✓
S1.3.C2 Ensure that mitigation strategies are documented and tested. ✓ ✓
S1.3.C3 Check that the effectiveness of implemented mitigations is reviewed and validated. ✓ ✓