# Threat Model — STRIDE

The full version is in the repository:

[`docs/audit/threat-model-2026-05-07.md`](https://github.com/leeleeEcho/babyDriver_Layer2/blob/main/docs/audit/threat-model-2026-05-07.md)

## STRIDE quick reference

| Letter | Threat                 | Example                        |
| ------ | ---------------------- | ------------------------------ |
| **S**  | Spoofing               | Forged aggregator signature    |
| **T**  | Tampering              | Modifying batch data           |
| **R**  | Repudiation            | Aggregator denies a submission |
| **I**  | Information Disclosure | Private keys / model weights   |
| **D**  | Denial of Service      | Blocking the sequencer         |
| **E**  | Elevation of Privilege | Ordinary user obtains admin    |

## Threat counts for the 6 subsystems

| Subsystem                   | Primary threat count | Recommended audit hours | Focus                              |
| --------------------------- | -------------------- | ----------------------- | ---------------------------------- |
| PoB / Stake / Challenge     | 12                   | 60-80h                  | Slash economics + reentrancy       |
| PoD / Verifier (three sets) | 11                   | 50-70h                  | Verifier swap + ECDSA replay       |
| L2 Policy                   | 6                    | 20-30h                  | Permissionless registry            |
| CSDRT / DID                 | 9                    | 40-60h                  | Trust assumption chain             |
| Oracle / Bridge             | 14                   | 80-120h                 | DeFi classics + Guardian backdoor  |
| Cross-system                | 5                    | 30-40h                  | Combination attack                 |
| **Total**                   | **57**               | **280-400h**            | —                                  |

## 5 attacker personas

| Persona                           | Description                                       | Mitigation                                      |
| --------------------------------- | ------------------------------------------------- | ----------------------------------------------- |
| **A** Malicious insider employee  | admin key holder                                  | Multisig + Timelock + audit logs                |
| **B** Economic attacker           | Arbitrage / front-running / oracle manipulation   | Slither / Echidna + multiple sources            |
| **C** Nation-state APT            | Long-term surveillance + zero-day                 | Out of audit scope; relies on bug bounty        |
| **D** Script kiddie               | Runs public exploits                              | Basic hardening (CEI / access control / replay) |
| **E** Cryptography expert         | trusted setup / pairing / circuit underconstraint | Public ceremony + independent ZK circuit audit  |

## Top 5 cross-subsystem combination attacks

| #  | Attack                                                                                      | Mitigation                          |
| -- | ------------------------------------------------------------------------------------------- | ----------------------------------- |
| X1 | Oracle manipulation → FastWithdrawalPool mispricing → LP losses                             | Multiple sources + circuit breaker  |
| X2 | After an aggregator slash, ChallengeManager holds the reward → reentrancy                   | CEI fix applied (commit `7a1c8b5`)  |
| X3 | TEE attestation always true (mock) → ModelRegistry registers a fake → CSDRT credit inflation | Real DCAP swap before mainnet       |
| X4 | PolicyRegistry deactivates a policy → PoB submit reverts → agent permanently stuck          | Old policyHash can still be queried |
| X5 | DIDRegistry attack → trustedIssuer invalidated → all CSDRT scoring invalid                  | DID must be audited independently   |

For the detailed STRIDE matrix, see §2-§7 of the original document.


