Threat Model
last updated: 2026-02-27
Scintilla Locate is designed for adversarial environments. The protocol must remain economically rational and dispute-capable under:
- dishonest provers (spoofed inputs, replay attempts, falsified commitments)
- dishonest challengers (griefing, false accusations, spam)
- colluding verifiers / committee capture attempts
- stake concentration and bribery attempts
- watcher exploitation and “objective dispute” games
- economic overload / exposure flooding attacks
Security posture
- Assume attacks happen. We build guardrails, not optimism.
- Prefer objective disputes. If a claim is wrong under the spec, it should be demonstrably wrong.
- Make outcomes replayable. Every dispute and resolution must be reproducible later.
- Capital-weighted safety. The protocol throttles exposure based on staked security.
Where this connects to engineering
Threat modeling is not a one-off doc. It is enforced through:
- deterministic rules in normative specs
- canonical byte encodings
- conformance corpora and cross-implementation tests
- watcher-as-adversary recomputation in CI
- governance gates for any changes that affect incentives, disputes, or mappings
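Why canonical byte encodings and watcher recomputation make a dispute objective, shown as an added example that is not Scintilla Locate's own code. The claim fields, the length-prefixed encoding and the SHA-256 commitment are assumptions made for illustration; the actual formats are defined in the project's normative specs.

```python
import hashlib
import json
import struct

# Hypothetical claim schema (assumption); the real one is set by the normative specs.
FIELDS = ("prover_id", "epoch", "cell")

def canonical_bytes(claim: dict) -> bytes:
    """Constructed canonical form: fixed field order, type tag, u32 length prefix."""
    if set(claim) != set(FIELDS):
        raise ValueError("missing or unexpected field")
    out = bytearray()
    for name in FIELDS:  # order comes from the spec, never from the sender
        value = claim[name]
        if isinstance(value, bool) or not isinstance(value, (int, str)):
            raise TypeError(f"unsupported type for {name}")
        if isinstance(value, int):
            raw = b"\x00" + struct.pack(">Q", value)  # unsigned 64-bit, big-endian
        else:
            raw = b"\x01" + value.encode("utf-8")
        out += struct.pack(">I", len(raw)) + raw
    return bytes(out)

def commitment(claim: dict) -> str:
    return hashlib.sha256(canonical_bytes(claim)).hexdigest()

def naive_commitment(claim: dict) -> str:
    # Non-canonical: the hash depends on the sender's key order.
    return hashlib.sha256(json.dumps(claim).encode()).hexdigest()

def watcher_check(claim: dict, published: str) -> str:
    """Recompute from the revealed claim alone; any replayer gets the same verdict."""
    return "ok" if commitment(claim) == published else "disputable"

# Constructed sample data.
HONEST = {"prover_id": "p-17", "epoch": 42, "cell": "cell-0007"}
REORDERED = {"cell": "cell-0007", "epoch": 42, "prover_id": "p-17"}
FALSIFIED = dict(HONEST, epoch=43)

if __name__ == "__main__":
    published = commitment(HONEST)
    print(naive_commitment(HONEST) == naive_commitment(REORDERED))  # encodings diverge
    print(watcher_check(REORDERED, published))
    print(watcher_check(FALSIFIED, published))
```

With the naive JSON hash, an honest prover and an honest watcher can disagree over key order alone, which gives a dishonest challenger a dispute that no replay can settle; the canonical form removes that ambiguity.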
See also:
- Economic security: docs/foundations/economic-security-model.md
- Dispute handling workflow: docs/operations/dispute-handling.md