Skip to main content
Sigvex

Threat Graph

Cross-runtime admin, bridge, and settlement graph with compromised-admin blast-radius computation.

What it is

A graph view that combines EVM contracts, SVM programs, ZK verifiers, bridges, and assets into a single diagram. From a selected set of workspace assets, it probes admin, proxy, bridge, and settlement edges and computes the blast radius when a given admin key is compromised.

Why it exists

Admin, bridge, and settlement relationships often span chains and runtimes. A single-runtime tool cannot show that the EVM multisig on one side of a bridge is the same authority that governs a Solana program or an L1 ZK verifier. This page joins those probes into one graph so cross-runtime blast radius is visible.

Who uses it

  • Auditor — identifies shared authorities across an engagement’s contracts, programs, and verifiers.
  • Researcher — models attack scenarios that cross bridges or rollup settlement boundaries.

How to open it

  1. Sidebar → Monitoring → Threat Graph.
  2. Direct URL — /threat-graph.

Using the page

  1. Source — workspace assets — pick one or more analyzed EVM contracts or SVM programs in the multi-select (Ctrl/⌘-click to multi-select).
  2. Project graph — runs EVM and SVM probes in parallel and populates the probe table and graph.
  3. Load demo scenario — loads a synthetic cross-runtime scenario (shared admin across an EVM bridge and a Solana program plus an L2 settler anchored to an L1 ZK verifier) for exploration when the workspace is empty.
  4. Clear highlight — resets any current node highlight.
  5. Stats row — Nodes, Edges, Chains, Admin-shared pairs.
  6. Inspector — click a node to see its kind, chain, id, and trust neighbours.
  7. Compromised-admin blast radius — pick an admin key from the dropdown (populated by the probes), then Compute blast radius to see Failure mode, Direct nodes, Blast radius, Chains reached, and Value at risk, plus the list of directly-controlled nodes.
  8. Export JSON / Export CSV — download the current graph and probes together, or the probes only.

Inputs and outputs

Input Source Required
Workspace assets Active workspace inventory yes (or use demo)
Admin key selection Probe output for blast radius
Output Format Destination
Graph + probe table SVG + HTML table In-page render
Full graph + probes JSON Browser download
Probe results CSV Browser download

Controls reference

  • Source assets — multi-select of workspace assets to probe.
  • Project graph — runs probes and builds the graph.
  • Load demo scenario — loads the synthetic cross-runtime example.
  • Clear highlight — clears the current node highlight.
  • Compromised-admin blast radius — dropdown of admin keys from the probes.
  • Compute blast radius — computes failure mode, direct nodes, total blast radius, chains reached, and value at risk for the selected admin.
  • Export JSON — downloads the graph and probes together.
  • Export CSV — downloads the probe table.

Limits

  • Requires a signed-in account and a workspace with at least one analyzed EVM contract or SVM program (unless using the demo).
  • Blast-radius math is graph-only — it uses the probed edges, not live RPC state.
  • Probes depend on the asset having a completed analysis with admin / upgrade-authority detection.

Troubleshooting

Symptom or error Cause Action
Empty source-asset list No analyzed assets in the workspace Add and analyze an asset, or use Load demo scenario.
Graph empty after Project graph Probes returned no admin, bridge, or settlement edges Add more assets that are likely to share authorities or bridges.
Compute blast radius disabled No admin selected Run Project graph first; choose an admin from the dropdown.
  • Workspaces — the container that scopes the source asset list.
  • Dependency Map — per-contract call graph rather than cross-runtime admin graph.
  • Governance Risk — admin concentration analysis for a single target.