Notes from Kurt on the 2022-09-21 Threat Modeling Blockchain Product for Enterprise discussionExternal link: https://miro.com/app/board/uXjVPZNuOgs=/?share_link_id=191456281837
Some key takeaways:
Some new key dimensions of blockchain products came up, including onboarding and offboarding participants (something I have not considered sufficiently in past).
The biggest topic of discussion was the dependency chains for transactions, e.g. first smart contract, clear, but what about oracles, other smart contracts, bridges, and other entire ecosystems? This leads to some interesting problems:
Interoperability between ecosystems, especially around identity management (depending on the bridges for this may be problematic)
Oracle data propagation, e.g. if Party A gets Oracle data faster than Party B, Party A can effectively predict the future accurately (everything old is new again: https://nordvpn.com/blog/semaphore-attack-mitm/)
Locking and stalling on transactions, if you have an atomic swap that depends on an external entity like an entirely different ecosystem, accessed via a bridge, the potential for something to go wrong increases dramatically
Can we even remotely hope to map out this dependency graph (ala SBOM) and ensure all the components are reasonably secure?
Some other interesting discussions happened around tokenomics, abusing liquidity (or lack thereof), and possible strategies like breaking up transactions, using escrow and so on. I think we may need to explore this further.