Security

TrustedStake Proxy Accounts: Safety and Usage Guide

Welcome to TrustedStake’s comprehensive guide on proxy accounts. This document explains proxy accounts, how TrustedStake utilizes them, and the robust security measures in place to ensure the safety of your assets.

Introduction

Security and efficiency are paramount in the evolving landscape of decentralized finance (DeFi) and blockchain-based staking. TrustedStake leverages proxy accounts within the Substrate framework to enhance users' staking experience. This guide delves into the mechanics of proxy accounts, their benefits, and the security protocols TrustedStake employs to safeguard your assets.

What Are Proxy Accounts?

Proxy accounts are specialized accounts within the Substrate blockchain framework that delegate specific permissions and roles to designated proxy entities. By isolating critical functions from primary accounts, proxy accounts enable more secure and efficient management of staking operations.

Types of Proxy Accounts

Some of these Proxy Types do not pertain to the Bittensor Network (we use Staking)

  • Any: allow any transaction, including balance transfers. In most cases, this should be avoided as the proxy account is used more frequently than the cold account and is therefore less secure.

  • Non-transfer: allow any type of transaction except balance transfers (including vested transfers). Hence, this proxy does not have permission to access calls in the Balances and XCM pallet.

  • Governance: allow to make transactions related to governance.

  • Nomination pool: allow transactions pertaining to Nomination Pools.

  • Staking: allow all staking-related transactions. The stash account is meant to stay in cold storage, while the staking proxy account makes day-to-day transactions like setting session keys or deciding which validators to nominate.

  • Identity Judgement: allow registrars to make judgments on an account's identity. If you are unfamiliar with judgment and identities on chain, please refer to this page. This proxy can only access provide_judgement call from the Identity pallet along with the calls from the Utility pallet.

  • Cancel: allow to reject and remove any time-delay proxy announcements. This proxy can only access reject_announcement call from the Proxy pallet.

Benefits of Proxy Accounts

  • Security Enhancement: Isolates primary account funds, keeping the main stash account in cold storage to minimize exposure.

  • Delegated Permissions: Assigns specific roles and restrictions to proxies, ensuring that each proxy can only perform authorized actions.

  • Transaction Management: Enables configuration of time delays, transaction type limitations, and more to prevent unauthorized or malicious activities.

Security Measures and Safety

At TrustedStake, the security of your assets is our top priority. We implement multiple layers of security to ensure that proxy accounts operate safely and effectively.

Proxy Account Security

  • Limited Permissions: TrustedStake utilizes the Substrate Proxy Pallet within Bittensor as The OpenTensor Foundation provides, ensuring standardized and secure proxy operations. Proxy accounts are configured with specific permissions, allowing only staking-related transactions. This limits the potential impact of any compromised proxy and prevents unauthorized access to transfer or custody your tokens.

  • Time-Delayed Proxies: TrustedStake can implement time delays on proxy transactions, providing a window to detect and cancel unauthorized actions before they are executed.

  • Isolation of Stash Accounts: The primary stash account remains in cold storage, isolated from day-to-day staking operations handled by the proxy, reducing the risk of exposure.

  • No Custodial Risk: Since TrustedStake does not hold your private keys, there is no risk of loss through proxy breaches or internal failures in the proxy.

Proxy Risk Mitigation

While proxy accounts significantly enhance security, TrustedStake employs additional strategies to mitigate risks further.

Multi-Sig Security and RoundTable21

TrustedStake employs industry-standard security around our proxy account, including a geo-distributed multi-sig account. This goes for our fees as well. We have partnered with world-class leaders within Bittensor to increase security. Our performance-based fee system has top-notch security. The highly regarded RoundTable21 Validator is our key partner in securing the fee within a geo-distributed multi-sig account.

Check out how serious RT21 is about security and operations: Here

We are always looking for ways to increase security, whether it be regular 3rd party platform audits, custody managers, and insurance. We have our customers' well-being at the forefront.

Compromised Proxy Key Scenario

  • Limited Impact: If the proxy private key is compromised, the attacker can only undelegate or redelegate tokens to another validator. They cannot transfer or steal your funds.

  • Automatic Detection and Response: TrustedStake continuously monitors staking activities. In the event of suspicious behavior, we can promptly reset the proxy relationship to prevent unauthorized delegations. We will close our application, assess the attacker's actions, and revert them. From there, a thorough investigation would identify how the proxy was compromised.

Secure Proxy Setup

  • Verified Transactions: Users must verify proxy setup transactions from our platform to ensure authenticity.

  • Correct Proxy Details: Users are instructed to confirm the addProxy function with the Staking argument and the correct proxy address (5F1k451t2EQyQxBVpSxokmPeULWcHKunx8idgNP8vpguBKHK) to prevent malicious proxy assignments.

Last updated