Ray from Certora presents threat modeling as a security methodology for Stellar protocols, introducing the Four A's framework (Assets, Actors, Assumptions, Attack Vectors) to identify vulnerabilities, speed up audits, and improve protocol security before and during development.
Ray, senior researcher at Certora, discusses threat modeling as a practical security tool for Stellar ecosystem projects. He introduces the Four A's framework: Assets (what the protocol protects), Actors (addresses and contracts involved), Assumptions (what the system assumes to be true), and Attack Vectors (potential attack families). Ray contrasts this with the Stellar Foundation's STRIDE model and explains how the two complement each other. He emphasizes that threat modeling should be simple, transparent, and focused to encourage adoption and maintenance. The methodology helps developers identify security gaps early, speeds up audits, improves investor confidence, and can save projects millions in potential losses. Ray also discusses how LLMs can make threat modeling more effective when paired with human validation.