Validator Security Measures Implemented - Seeking Community Insights

Conversation Security
1

Hello Cosmos Community and I hope this is the right place to post,

I hope you’re all doing well. I’m reaching out as an engineer at Pundi X and Function X, and I wanted to share that we’ve successfully implemented specific security measures for our validator nodes. These measures address scenarios such as server breaches, consensus public key leaks, and wallet private key compromises.

Specifically, we have:

  1. Consensus Public Key Replacement: In the event of a server breach or consensus public key leakage, we’ve implemented a solution using the edit-consensus-pubkey transaction to replace the validator’s consensus public key.
  2. Authority Transfer for Private Key Compromise: To mitigate the risks associated with a validator’s wallet private key being compromised, we’ve set up a mechanism for transferring validator authority to another address using the grant-privilege transaction. In this setup, the compromised private key cannot send transactions on the chain, while an authorized address can perform transactions on behalf of the validator’s address.

Since we believe in the value of knowledge sharing within the Cosmos community, we’re curious to know if anyone else has also implemented similar security measures or if there are alternative approaches you’ve found effective. Your insights and experiences would be greatly appreciated.

If you have implemented similar security measures or have valuable insights to share, please feel free to respond to this thread. We believe that collective knowledge and discussions can enhance the security and resilience of the Cosmos network for everyone.

Thank you for your time, and we look forward to hearing from you.

Best regards,
Lance

4 Likes
2

Hi you implemented this? Does it happen to work with the latest SDK?

Is really great

3

This is our latest features added hxxps://github(dot)com/FunctionX/fx-core/releases/tag/v5.0.0

1 Like
4

Amazing. Would you be able to backport it to Cosmos SDK?

1 Like
5

On our side, we’ll try to create PR to cosmos-sdk

6

Seems no one else implemented similar feature in the cosmos ecosystem.

We’ve also initiated a discussion on this feature over at our StarScan forum. You can find the ongoing conversation here: hxxps://forum(dot)starscan(dot)io/t/f-x-core-mainnet-validator-updates/2141/263

Please feel free to share your thoughts, suggestions, or any related experiences you’ve had. Your feedback will help us improve and refine this feature.

Thank you for being an essential part of the Cosmos community. We look forward to hearing from you!

Best regards,
Lance

7

We have created some PRs to cosmos-sdk

img_v2_efae8eeb-c572-4ef6-adde-779757a7776g
img_v2_efae8eeb-c572-4ef6-adde-779757a7776g3848×1648 223 KB

https://github.com/cosmos/cosmos-sdk/pulls?q=is%3Apr+author%3Azakir-code+is%3Aclosed

8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.