STRIDE

Microsoft-developed threat classification framework covering Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

STRIDE is a systematic threat modeling framework developed at Microsoft for identifying security threats in software systems. Each letter represents a category of threat, providing a structured checklist for security analysis. When adapted for smart contract security, STRIDE maps directly to common blockchain attack vectors.

The six STRIDE categories

Spoofing (identity)

Pretending to be someone or something else to gain unauthorized access.

In smart contracts:

  • Using tx.origin instead of msg.sender for authentication, enabling phishing attacks
  • Deploying contracts at predictable addresses to impersonate legitimate protocols
  • Front-end spoofing where malicious UIs interact with different contracts than displayed

```solidity
// VULNERABLE: tx.origin can be spoofed via intermediary contracts
function withdraw() external {
    require(tx.origin == owner, "Not owner");
}

// SECURE: msg.sender verifies the direct caller
function withdraw() external {
    require(msg.sender == owner, "Not owner");
}
```

Tampering (data integrity)

Unauthorized modification of data or state.

In smart contracts:

Repudiation (accountability)

Performing actions without leaving traceable evidence.

In smart contracts:

  • Missing event emissions for critical state changes (ownership transfers, parameter updates)
  • Administrative actions without timelock transparency
  • Off-chain computation results submitted without verifiable proofs

Information disclosure (confidentiality)

Exposing data that should remain private.

In smart contracts:

  • All on-chain data is public, including variables marked private
  • MEV bots reading pending transactions in the mempool
  • Commit-reveal schemes where the reveal phase leaks information prematurely
  • Metadata leaking user patterns through on-chain activity analysis

Denial of service (availability)

Making a system unavailable to legitimate users.

In smart contracts:

  • Unbounded loops consuming all available gas
  • Blocking withdrawal patterns where one failed transfer reverts the entire batch
  • Gas griefing attacks making functions too expensive to call
  • Front-running critical transactions to prevent execution

Elevation of privilege (authorization)

Gaining capabilities beyond what should be permitted.

In smart contracts:

  • Missing or incorrect access control modifiers on administrative functions
  • Delegatecall to untrusted contracts executing in the caller's context
  • Unprotected initializers in proxy patterns allowing anyone to claim ownership
  • Exploiting role hierarchy to escalate from limited to full admin access

Applying STRIDE to smart contract audits

When auditing a contract, systematically check each STRIDE category:

  1. Spoofing: Review all authentication checks—are they using msg.sender?
  2. Tampering: Can external data sources be manipulated? Are storage layouts safe?
  3. Repudiation: Do all critical state changes emit events?
  4. Information Disclosure: Is any sensitive data assumed to be private on-chain?
  5. Denial of Service: Are there unbounded loops, external calls in loops, or gas-intensive operations?
  6. Elevation of Privilege: Are all privileged functions properly protected?
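As an added illustration (not code from the original article), the following minimal vault is written against the checklist above: msg.sender authentication (1), an event on every critical state change (3), pull-based withdrawals instead of a batched push (5), and a single guarded admin role (6). The contract and function names are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not from the original article: a rewards vault reviewed
// against the STRIDE checklist. Names are illustrative.
contract StrideCheckedVault {
    address public owner;                       // single privileged role
    mapping(address => uint256) public credits; // pull-payment balances

    // Repudiation: every critical state change leaves an on-chain event
    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
    event Withdrawn(address indexed account, uint256 amount);

    // Elevation of privilege: one modifier guards every administrative function.
    // Spoofing: the check uses msg.sender (the direct caller), never tx.origin.
    modifier onlyOwner() {
        require(msg.sender == owner, "Not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
        emit OwnershipTransferred(address(0), msg.sender);
    }

    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0), "Zero address");
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }

    // Denial of service: the owner only records credits. The loop is bounded by the
    // owner's own calldata and makes no external calls, so a recipient that reverts
    // on receive cannot block the whole batch.
    function credit(address[] calldata accounts, uint256[] calldata amounts) external payable onlyOwner {
        require(accounts.length == amounts.length, "Length mismatch");
        uint256 total;
        for (uint256 i = 0; i < accounts.length; i++) {
            credits[accounts[i]] += amounts[i];
            total += amounts[i];
        }
        require(total == msg.value, "Value mismatch");
    }

    // Each recipient pulls its own funds; a failed transfer affects only that caller.
    function withdraw() external {
        uint256 amount = credits[msg.sender];
        require(amount > 0, "Nothing to withdraw");
        credits[msg.sender] = 0; // update state before the external call
        emit Withdrawn(msg.sender, amount);
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "Transfer failed");
    }
}
```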

STRIDE vs traditional vulnerability lists

While vulnerability databases like SWC (Smart Contract Weakness Classification) list specific bugs, STRIDE provides a thinking framework:

| Approach | Strength | Limitation |
|---|---|---|
| STRIDE | Systematic threat enumeration | Requires adaptation to blockchain context |
| SWC Registry | Specific, actionable patterns | May miss novel or composite attacks |
| Combined | Comprehensive coverage | More time-intensive |

Using both approaches together—STRIDE for systematic threat identification, and specific vulnerability patterns for implementation checks—provides the most thorough security review.

Need expert guidance on STRIDE?

Our team at Zealynx has deep expertise in blockchain security and DeFi protocols. Whether you need an audit or consultation, we're here to help.


© 2024 Zealynx