Threat model

Threat Model

/+---------------------+             +----------------------+
|     User Wallet     |  Grants     |    Session Key       |
+---------------------+  -------->  +----------------------+
       (private)                        (ephemeral, scoped)

Threat vectors:

• Compromised session keys

• Overbroad permissions (unscoped delegation)

• Replay attacks or race conditions

Mitigation:

• Allow only specific method selectors

• Set TTL (time-to-live) on delegation

• Use nonces and hash commitments in signed payloads