One of the reasons why I am interested in the blockchain world is its complexity. The web3 backend that executes the client's transaction is an intricate "system of systems" that relies on concepts from a variety of disciplines such as databases, P2P networking, cryptography, virtualization, Turing-complete machines, etc. Actually, understanding blockchain was one of the most difficult things for me and kind of a milestone on the road to professional / nerdy growth (after C pointers, assembly and math).
My instinct tells me that where complexity is present, vulnerabilities follow. Well, this correlates with available data on the current (2023) threat landscape, which informs us that ransomware and crypto attacks are in the top 3 when it comes to generating damages [source needed]. Before I delve into specific categories of threats, I wanted to prepare a threat model to be able to enumerate all the interesting vectors.
My approach to threat models is to start from the client's perspective. I explore all of the use cases, and this allows me to understand the significance of the product / service components. A good understanding of all components and their interconnections forms a foundation of a good threat model.
For a while now I have been preparing to write a series of articles on various threat models that are present in the ecosystem.
My goal is to create a couple of simplified threat models for various solutions based on the functionality provided and business / mission processes that are executed using this functionality. The problem is complexity.