Lesson 2 - Threat Assessment

Introduction

This course aims to demystify the elements to put in place in order to implement an Aleph Zero smart contract as securely as possible. We will also introduce the security guidelines that we strongly encourage every single project to follow.

While developing a smart contract, security needs to be thought of from the design of the project through to production. Wrongly, a lot of people involved in the web3 space believe that security = smart contract audit; we, as a community, need to correct this way of thinking. The checklist we provide should help us to achieve the best possible practice.

Prerequisites

None

Objectives and Outcomes

In this lesson you will learn:

  • What is a threat assessment;

  • The steps to perform a threat assessment;

  • How to create a threat assessment from a simple real-world example.

Threat assessment

When designing the architecture of your project it is crucial to perform a threat assessment: identifying who or what can harm or attack your smart contract, and how your smart contract can be harmed.

This can be done with the following steps:

  1. We need to define or establish the context of the project or the smart contract.

    • Answering the following questions can help establish the context:

      • Who is the targeted audience?

        • This helps to identify who can use the project, companies, private users, NFT artists, government etc.

      • How can the project be used?

        • This helps to identify what your project can bring to the audience, but also how the project should be used.

  2. We need to have a clear idea of the threats to your smart contract.

    • Threats are carried out by an actor who intends to break the logic of the smart contract, steal tokens/coins/NFTs, steal data, or cause any other damage to the project. To assess the threats to your smart contract, you can perform the following steps.

      • Create a list of all assets of your project: NFTs, tokens, data, addresses, identities.

      • Identify the threats associated with each asset:

        • For example, a token can be stolen, data can be tampered with, addresses can be modified etc.

        • We should identify the entry points available to an attacker;

        • Investigate common security vulnerabilities such as overflow/underflow, re-entrancy, address validation etc.

        • Consider different angles of attack, such as denial-of-service attacks and unauthorized access.

    • The output of this step is a list of all assets used in the project and their associated risks or threats.

  3. After creating a list of all assets and their threats, we need to analyze and prioritize the threats. A way to do that is to answer the following questions for each threat:

    • Which of the threats could cause the most harm to the assets?

    • What is the probability of this threat occurring?
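The two questions above give each threat an impact and a likelihood; ranking by their product is a common way to turn the answers into a priority order. The register below is an added example, not part of the lesson, written in Rust because that is the language of Aleph Zero (ink!) contracts. The assets, threats and levels are constructed for a hypothetical token contract; the three-level scale and the `impact x likelihood` score are assumptions, chosen for simplicity.

```rust
// Added example: a minimal threat register for step 3 (analyze and prioritize).
// All assets, threats and ratings below are constructed for a hypothetical
// token contract; the scoring scale is an assumption, not a standard.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Level {
    Low = 1,
    Medium = 2,
    High = 3,
}

#[derive(Debug, Clone)]
pub struct Threat {
    pub asset: &'static str,
    pub description: &'static str,
    /// Question 1: how much harm would this threat cause to the asset?
    pub impact: Level,
    /// Question 2: how probable is it that this threat occurs?
    pub likelihood: Level,
}

impl Threat {
    /// Risk score: impact x likelihood, in the range 1..=9.
    pub fn score(&self) -> u8 {
        (self.impact as u8) * (self.likelihood as u8)
    }
}

/// Sort threats from highest to lowest risk; ties are broken by impact so that
/// the most harmful threats are planned for first.
pub fn prioritize(mut threats: Vec<Threat>) -> Vec<Threat> {
    threats.sort_by(|a, b| b.score().cmp(&a.score()).then(b.impact.cmp(&a.impact)));
    threats
}

/// Constructed register for a hypothetical token contract.
pub fn sample_register() -> Vec<Threat> {
    vec![
        Threat { asset: "token balances", description: "balances drained via re-entrancy", impact: Level::High, likelihood: Level::Medium },
        Threat { asset: "token balances", description: "arithmetic overflow on mint", impact: Level::High, likelihood: Level::Low },
        Threat { asset: "owner address", description: "owner changed by an unauthorized caller", impact: Level::High, likelihood: Level::High },
        Threat { asset: "metadata", description: "tampered token name", impact: Level::Low, likelihood: Level::Low },
        Threat { asset: "availability", description: "denial of service via unbounded loop", impact: Level::Medium, likelihood: Level::Medium },
    ]
}

fn main() {
    for t in prioritize(sample_register()) {
        println!("{:>2}  {:<16} {}", t.score(), t.asset, t.description);
    }
}
```

With these constructed ratings the unauthorized owner change (score 9) comes out on top, followed by re-entrancy (6), denial of service (4), overflow (3) and metadata tampering (1); the ordering is what step 4 then works through.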

  4. Now that we have prioritized those risks, we need to plan what can be done to mitigate them.

    • Mitigation could be to have a pause option in the smart contracts to halt an attack and minimize damage.

    • Ensure that the smart contract is designed to be upgradable.

    • Other examples of possible mitigation are:

      • a robust input validation strategy;

      • access restriction to sensitive areas;

      • following security guidelines;

      • conducting a security audit.

  5. After planning the mitigation strategies, we need to decide on a procedure for controlling these threats after the smart contract has been deployed on the Aleph Zero blockchain. This is an important step because even with the most mature security practices in place, any smart contract could be attacked and harmed. Therefore, we need procedures in place that either minimize the likelihood of these attacks or minimize their impact. Examples of such procedures are:

    • Live monitoring of your smart contract;

    • Staying proactive within the community, be aware of any attack happening in the web3 space and assess if such attack could impact your project;

    • Upgrade your smart contract immediately after new attacks are discovered;

    • Pause your smart contract in response to unusual events, in order to investigate the reason behind them. Examples are extremely large withdrawals or a sudden surge of new users.
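The mitigations of step 4 (a pause option, access restriction to sensitive functions, input validation) and the reaction to unusual events of step 5 (pausing on an extremely large withdrawal) can all be expressed in a contract's own code. The following is an added example, not code from the lesson or from any Aleph Zero project, and it is deliberately not an ink! contract: ink!'s `#[ink(storage)]`, `#[ink(message)]` and `self.env().caller()` are replaced by a plain struct and an explicit `caller` argument so that it compiles with `rustc` alone. The `Vault` name, the owner/pause layout and the `max_withdrawal` limit are assumptions.

```rust
// Added example (not from the lesson): plain-Rust model of the mitigations in
// steps 4 and 5. Not an ink! contract: ink!'s #[ink(storage)], #[ink(message)]
// and self.env().caller() are replaced by plain fields and an explicit `caller`
// argument so that this compiles with rustc alone. Names and limits are assumptions.
use std::collections::HashMap;

pub type AccountId = [u8; 32];
pub type Balance = u128;

#[derive(Debug, PartialEq, Eq)]
pub enum Error {
    Paused,
    NotOwner,
    ZeroAmount,
    InsufficientBalance,
    Overflow,
}

pub struct Vault {
    owner: AccountId,
    paused: bool,
    /// A single withdrawal above this limit counts as an unusual event (step 5):
    /// the call is rejected and the contract pauses itself for investigation.
    max_withdrawal: Balance,
    balances: HashMap<AccountId, Balance>,
}

impl Vault {
    pub fn new(owner: AccountId, max_withdrawal: Balance) -> Self {
        Vault { owner, paused: false, max_withdrawal, balances: HashMap::new() }
    }

    pub fn is_paused(&self) -> bool {
        self.paused
    }

    pub fn balance_of(&self, who: &AccountId) -> Balance {
        self.balances.get(who).copied().unwrap_or(0)
    }

    /// Access restriction: only the owner may operate the pause switch.
    fn ensure_owner(&self, caller: &AccountId) -> Result<(), Error> {
        if *caller != self.owner {
            return Err(Error::NotOwner);
        }
        Ok(())
    }

    /// Pause option: every state-changing message checks this first.
    fn ensure_not_paused(&self) -> Result<(), Error> {
        if self.paused {
            return Err(Error::Paused);
        }
        Ok(())
    }

    pub fn pause(&mut self, caller: &AccountId) -> Result<(), Error> {
        self.ensure_owner(caller)?;
        self.paused = true;
        Ok(())
    }

    pub fn unpause(&mut self, caller: &AccountId) -> Result<(), Error> {
        self.ensure_owner(caller)?;
        self.paused = false;
        Ok(())
    }

    /// Input validation plus checked arithmetic: no zero amounts, no silent overflow.
    pub fn deposit(&mut self, caller: &AccountId, amount: Balance) -> Result<(), Error> {
        self.ensure_not_paused()?;
        if amount == 0 {
            return Err(Error::ZeroAmount);
        }
        let updated = self.balance_of(caller).checked_add(amount).ok_or(Error::Overflow)?;
        self.balances.insert(*caller, updated);
        Ok(())
    }

    /// Withdraw: validates the amount, trips the circuit breaker on an unusually
    /// large request, and reduces the balance before any transfer would happen.
    pub fn withdraw(&mut self, caller: &AccountId, amount: Balance) -> Result<(), Error> {
        self.ensure_not_paused()?;
        if amount == 0 {
            return Err(Error::ZeroAmount);
        }
        if amount > self.max_withdrawal {
            self.paused = true; // halt everything so the team can investigate
            return Err(Error::Paused);
        }
        let updated = self.balance_of(caller).checked_sub(amount).ok_or(Error::InsufficientBalance)?;
        self.balances.insert(*caller, updated);
        // A real contract would transfer `amount` to `caller` here, after the
        // balance is already reduced, so a re-entrant call sees the new state.
        Ok(())
    }
}
```

Two design points are worth noting. The `checked_add`/`checked_sub` calls turn the overflow/underflow threat from step 2 into an explicit error instead of a wrapped value, and the balance is written before the (omitted) transfer so that a re-entrant call cannot observe stale state. The self-pause in `withdraw` is the on-chain half of step 5: it buys the team time to investigate, and `unpause` is owner-gated so that only the project can resume operation once the event is understood.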

A way to perform these five steps is illustrated in the figure below.

Exercises

Please take at most 20 minutes for a "real"-world example. For example, you could do a threat assessment for the Ring of Power in The Lord of the Rings, the Philosopher's Stone in Harry Potter, or a fridge in your flatshare. Performing a threat assessment for a simple case will help you to perform a threat assessment of a real smart contract.
