/SCRAF

Smart Contract Risk Assessment Framework

Smart Contract Risk Assessment Framework (SCRAF)

Risk assessment framework for evaluating risks in smart contract-based protocols and decentralized applications


This framework aims to give a risk assessment score derived from objective scores for the following aspects of a smart contract-based protocol or decentralized application targeting the Ethereum ecosystem:

  • Design Assurance Level -- Hazard Severity and Liklihood
  • Economic Throughput -- Total Funds vs Holding Time
  • Complexity -- State Variables and State Transitions

This score will provide advisement of checkpoint items that should be provided in order to prove adequete testing methodology and reports exist.


The SCRAF framework is based on concepts obtained from the following standards:

  • DO-178 url
  • OWASP Security Model url