Threats Considered
- Reentrancy and callback-based abuse.
- Authorization bypass and privilege escalation.
- Double-withdrawal or double-claim attempts.
- Malicious or non-standard token behavior (transfer hooks that call back into the contract, fee-on-transfer or rebasing tokens whose received amount differs from the requested amount).
- Data integrity or metadata poisoning.
Mitigations
- Pull-based claims (each recipient withdraws its own share) avoid push loops over recipients, so one reverting or gas-hungry recipient cannot block payouts to the others.
- Role-gated actions limit privileged access in MVP.
- Signature and hash verification prevent payload tampering.
- Registry checks ensure providers and schemas are authorized.
- Conservative accounting rounds in the contract's favor: integer division truncates, so any rounding dust stays in the contract rather than being over-credited to recipients.
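The following contract is an added example showing how the pull-based claim, reentrancy, role-gating, malicious-token and rounding mitigations above fit together; it is not the project's own code, and every name in it (PullDistributor, funder, accPerShare, settledPerShare, ACC_SCALE) is hypothetical. Signature, hash and registry checks are out of scope here since the page does not describe the payload or registry format. It uses a per-share accumulator so that deposits never iterate over recipients, credits only the token amount actually received, updates state before the external transfer, and blocks reentry.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. All names are hypothetical.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

contract PullDistributor {
    uint256 private constant ACC_SCALE = 1e18;

    IERC20 public immutable token;
    address public immutable funder;           // the only role allowed to deposit
    mapping(address => uint256) public shares; // fixed recipient weights, set at construction
    uint256 public immutable totalShares;

    // Accumulated payout per share, scaled by ACC_SCALE. Deposits raise it;
    // each recipient settles against it when claiming, so no loop is needed.
    uint256 public accPerShare;
    mapping(address => uint256) public settledPerShare; // accPerShare at the recipient's last claim

    bool private entered;

    modifier onlyFunder() {
        require(msg.sender == funder, "not funder");
        _;
    }

    modifier nonReentrant() {
        require(!entered, "reentrant");
        entered = true;
        _;
        entered = false;
    }

    constructor(IERC20 token_, address funder_, address[] memory recipients, uint256[] memory weights) {
        require(recipients.length == weights.length, "length mismatch");
        token = token_;
        funder = funder_;
        uint256 sum;
        for (uint256 i = 0; i < recipients.length; i++) {
            // weight must be positive and each recipient may appear only once
            require(weights[i] > 0 && shares[recipients[i]] == 0, "bad weight");
            shares[recipients[i]] = weights[i];
            sum += weights[i];
        }
        require(sum > 0, "no shares");
        totalShares = sum;
    }

    // Fund a payout round. Only the balance delta is credited, so a
    // fee-on-transfer token cannot make recipients claim more than the
    // contract holds. Integer division rounds down: the remainder stays in
    // the contract as dust instead of being over-credited.
    function deposit(uint256 amount) external onlyFunder nonReentrant {
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transfer failed");
        uint256 received = token.balanceOf(address(this)) - before;
        require(received > 0, "nothing received");
        accPerShare += received * ACC_SCALE / totalShares;
    }

    // Amount the recipient may withdraw right now (truncation favors the contract).
    function pending(address who) public view returns (uint256) {
        return shares[who] * (accPerShare - settledPerShare[who]) / ACC_SCALE;
    }

    // Pull-based claim. The settlement mark is written before the token call
    // (checks-effects-interactions), and the guard rejects reentry, so a
    // transfer hook that calls back into claim() finds nothing owed.
    function claim() external nonReentrant {
        uint256 owed = pending(msg.sender);
        require(owed > 0, "nothing to claim");
        settledPerShare[msg.sender] = accPerShare; // effect before interaction
        require(token.transfer(msg.sender, owed), "transfer failed");
    }
}
```

Two caveats for production use: tokens that return no boolean from transfer (some widely used ERC-20s do this) will revert against this interface, so a SafeERC20-style wrapper is the usual fix; and rebasing tokens change the contract's balance between deposits, which the balance-delta check does not model, so such tokens should be rejected at the registry level rather than handled here.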