Validator Security Measures Implemented - Seeking Community Insights

lancelai · September 13, 2023, 2:43am

Hello Cosmos Community and I hope this is the right place to post,

I hope you’re all doing well. I’m reaching out as an engineer at Pundi X and Function X, and I wanted to share that we’ve successfully implemented specific security measures for our validator nodes. These measures address scenarios such as server breaches, consensus public key leaks, and wallet private key compromises.

Specifically, we have:

Consensus Public Key Replacement: In the event of a server breach or consensus public key leakage, we’ve implemented a solution using the edit-consensus-pubkey transaction to replace the validator’s consensus public key.
Authority Transfer for Private Key Compromise: To mitigate the risks associated with a validator’s wallet private key being compromised, we’ve set up a mechanism for transferring validator authority to another address using the grant-privilege transaction. In this setup, the compromised private key cannot send transactions on the chain, while an authorized address can perform transactions on behalf of the validator’s address.

Since we believe in the value of knowledge sharing within the Cosmos community, we’re curious to know if anyone else has also implemented similar security measures or if there are alternative approaches you’ve found effective. Your insights and experiences would be greatly appreciated.

If you have implemented similar security measures or have valuable insights to share, please feel free to respond to this thread. We believe that collective knowledge and discussions can enhance the security and resilience of the Cosmos network for everyone.

Thank you for your time, and we look forward to hearing from you.

Best regards,
Lance

jacobgadikian · September 13, 2023, 6:06am

Hi you implemented this? Does it happen to work with the latest SDK?

Is really great

lancelai · September 13, 2023, 6:20am

This is our latest features added hxxps://github(dot)com/FunctionX/fx-core/releases/tag/v5.0.0

robert.zaremba · September 13, 2023, 7:58am

Amazing. Would you be able to backport it to Cosmos SDK?

lancelai · September 18, 2023, 6:32am

On our side, we’ll try to create PR to cosmos-sdk

lancelai · September 18, 2023, 6:41am

Seems no one else implemented similar feature in the cosmos ecosystem.

We’ve also initiated a discussion on this feature over at our StarScan forum. You can find the ongoing conversation here: hxxps://forum(dot)starscan(dot)io/t/f-x-core-mainnet-validator-updates/2141/263

Please feel free to share your thoughts, suggestions, or any related experiences you’ve had. Your feedback will help us improve and refine this feature.

Thank you for being an essential part of the Cosmos community. We look forward to hearing from you!

Best regards,
Lance

lancelai · September 18, 2023, 6:55am

We have created some PRs to cosmos-sdk

https://github.com/cosmos/cosmos-sdk/pulls?q=is%3Apr+author%3Azakir-code+is%3Aclosed

system · October 2, 2023, 6:55am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.