# Actor-Based Threat Modeling Actor-based threat modeling is a structured approach to identifying potential threats and vulnerabilities in smart contract systems by analyzing the interactions between different entities (actors) and the system. The actor-based approach to threat modeling offers a more practical, human-centric perspective compared to other methods like [STRIDE](https://en.wikipedia.org/wiki/STRIDE_model), data flow diagrams, or attack trees. By focusing on the interactions between different actors (e.g., users, administrators, attackers), it better captures the dynamic nature of threats in decentralized systems like smart contracts. This approach allows for tailored mitigation strategies based on actor motivations, priorities risks more effectively, and provides a more comprehensive view of security by considering both technical and human factors. It is particularly well-suited for decentralized systems, where multiple actors, both on-chain and off-chain, interact with the system. *** ## Key principles of Actor-Based Threat Modeling: 1. **Identify Actors** Actors are entities that interact with the smart contract. They can be: * External Users: Individuals or entities initiating transactions (e.g., token holders, DAO members). * External Smart Contracts: Other contracts interacting with the system. * Off-chain Components: Systems like oracles or bridges. * Administrators: Privileged actors with elevated permissions. 2. **Define Actor Goals and Motivations** Each actor interacts with the smart contract to achieve specific objectives: * Administrators might upgrade contracts or modify critical parameters. * Attackers aim to steal funds, disrupt operations, or exploit vulnerabilities for personal gain. 3. **Map Actor Interactions** Document how each actor interacts with the smart contract: * Which functions they can call. * What permissions or access controls are in place. * How data flows between actors and the contract. 4. **Identify Threats and Vulnerabilities** For each interaction, analyze potential threats: * External Users: Exploiting unchecked inputs, edge cases and/or lack of access control. * External Smart Contracts: Reentrancy attacks, broken composability. * Off-chain Components: Oracle manipulation, delayed data updates. * Administrators: Abuse of privileged roles, key compromise. 5. **Analyze the Impact and Likelihood of Each Threat** Prioritize threats based on their potential impact and likelihood: High Impact, High Likelihood: Must be addressed immediately. High Impact, Low Likelihood: Require monitoring and mitigations. Low Impact, High Likelihood: Address if they affect user experience or trust. 6. **Define and Implement Mitigations** For each identified threat, propose and implement mitigations. 7. **Test and Iterate** Continuously test the smart contract for these threats using: * Unit tests for specific vulnerabilities. * Fuzz testing for unexpected inputs. * Simulations for multi-actor scenarios (e.g., testing oracle failures) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.optimumsec.xyz/design/actor-based-threat-modeling.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.