An attacker doesn't break your code; they break your assumptions. The threat model is the explicit list of assumptions you're making — about who's calling your contracts, what they know, what they can afford to spend, and who they can collude with. Skip this and you ship a protocol that's secure 'under unstated assumptions' — which means insecure as soon as someone notices.
A useful threat model has three layers: (1) Who is the adversary — single actor, miner, MEV bot, regulator? (2) What can they afford — flash loan? 51% stake? Censorship? (3) What do they win by deviating from the protocol — money? Information? Power over a vote?
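The three layers applied as a feasibility-and-profit check over a written list of assumptions, as an added example that is not part of the original lesson. The adversary names, capability labels and dollar figures are constructed, and reducing "what they win" to a single number is a simplifying assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Adversary:              # layers 1 and 2: who they are, what they can afford
    name: str
    capabilities: frozenset   # constructed labels, e.g. "flash_loan"
    budget: float             # capital of their own they can commit (USD)

@dataclass(frozen=True)
class Assumption:             # something the protocol silently relies on
    text: str
    broken_by: frozenset      # capabilities that together invalidate it
    cost: float               # price of exercising them (fees, lost stake)
    payoff: float             # layer 3, reduced to one number (a simplification)

def rational_breaks(adversaries, assumptions):
    """Return (adversary, assumption) pairs where deviating is feasible and pays."""
    findings = []
    for asm in assumptions:
        for adv in adversaries:
            feasible = asm.broken_by <= adv.capabilities and asm.cost <= adv.budget
            if feasible and asm.payoff > asm.cost:
                findings.append((adv.name, asm.text))
    return findings

# Constructed sample data; every figure below is illustrative.
ADVERSARIES = [
    Adversary("single actor", frozenset({"flash_loan"}), 5_000),
    Adversary("MEV bot", frozenset({"flash_loan", "reorder_txs"}), 200_000),
    Adversary("large staker", frozenset({"majority_stake", "censor"}), 3e9),
]
ASSUMPTIONS = [
    # A flash loan makes the attacker's own capital irrelevant: only the fee counts.
    Assumption("caller capital is bounded", frozenset({"flash_loan"}), 900, 250_000),
    Assumption("transactions execute in submission order",
               frozenset({"reorder_txs"}), 50, 3_000),
    # Feasible for the staker, but the cost exceeds the payoff, so not flagged.
    Assumption("no party controls a majority of stake",
               frozenset({"majority_stake"}), 2e9, 5e7),
]

if __name__ == "__main__":
    for who, what in rational_breaks(ADVERSARIES, ASSUMPTIONS):
        print(f"{who} can profitably break: {what}")
```

Each flagged pair is an assumption that needs either a mitigation or an explicit, written acceptance of the risk.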
Use these three prompts in order. Each builds on the one before.
In one paragraph, explain what a threat model is and why it has to be written down.
Walk me through threat-modelling a stablecoin: who attacks, what they can do, what they win.
Design a threat model for a cross-chain bridge. Explain how the threat model differs from a single-chain protocol's, and which assumptions you can no longer make.