Threat model for detecting Large Value Attack vulnerabilities.

A Large Value Attack exploits validators that don't properly validate the structure of Value in their outputs. If a validator allows spending from a script output without checking what tokens are present in the output's value, an attacker can "bloat" the value with additional junk tokens.

Consequences ==

1. Increased min-UTxO requirements: Each unique token in a UTxO increases the minimum Ada required. Adding many junk tokens forces the victim to lock more Ada than intended.
2. Serialization costs: Large values increase transaction size, consuming more of the victim's fee budget when spending the UTxO.
3. Permanent fund locking: If the value is bloated sufficiently:

• The transaction required to spend the UTxO may exceed protocol size limits
• The serialized output may exceed the max-value-size protocol parameter

In these cases, the UTxO becomes permanently unspendable and funds are locked forever with no possibility of recovery.

Root Cause ==

Validators that don't check the Value structure of outputs being created. For example, a validator that only checks:

traceIfFalse "insufficient payment" (valuePaidTo pkh >= expectedAmount)

This allows an attacker to include expectedAmount + junkTokens, satisfying the check while bloating the output.

Mitigation ==

A secure validator should either:

• Whitelist expected tokens (only allow known policy IDs)
• Check the token count (e.g., length (flattenValue v) <= maxTokens)
• Require exact value match (not just >= comparison)
• Validate that outputs contain only expected assets

This threat model tests if a script output can have arbitrary tokens added to its value via minting. If the transaction still validates, the validator has a Large Value Attack vulnerability.