docsReference LibrarySecurityThreat Model

Threat Model and Security Analysis

This document outlines the threat model for Dogenals protocols, including attack vectors, mitigations, and assumptions.

Assumptions

  • Dogecoin blockchain is secure and immutable.
  • Indexers are honest; malicious indexers can censor but not forge.
  • Users control their private keys.
  • Off-chain metadata is not trusted.

Attack Vectors

1. Signature Forgery

  • Description: Fake signatures on collections or cancels.
  • Mitigation: ECDSA verification with canonical JSON.
  • Residual Risk: Weak randomness in key generation.

2. Double-Spend / Replay

  • Description: Reuse intents across txs.
  • Mitigation: Canonical ordering, txid binding.
  • Residual Risk: Reorgs can invalidate recent txs.

3. Provenance Gaps

  • Description: Ownership changes without intents.
  • Mitigation: Gap detection flags suspicious transfers.
  • Residual Risk: False positives on complex txs.

4. Spam / DoS

  • Description: Flood chain with low-value inscriptions.
  • Mitigation: Economic fees, size limits.
  • Residual Risk: High fees may exclude users.

5. Front-Running

  • Description: Snatch listings with faster bids.
  • Mitigation: Block ordering is fair.
  • Residual Risk: MEV in mempool.

6. Regulatory Attacks

  • Description: Use for illicit activities.
  • Mitigation: Protocols are neutral; marketplaces enforce.
  • Residual Risk: Legal risks for implementers.

Security Invariants

  • No trust in JSON alone; verify on-chain.
  • Signatures recomputed, not trusted from payload.
  • Balances checked before transfers.
  • First-deploy-wins prevents squatting.

Recommendations

  • Use hardware wallets for high-value ops.
  • Monitor for unusual activity.
  • Contribute to open audits.

This model ensures Dogenals remains secure and decentralized.

Spam MitigationIndex