Key Compromises (KEC)
Losing access to critical system components.
Validator Key Custody Risk
| ID | Risk Group | Risk Vectors | Risk Vector Description |
|---|---|---|---|
KEC1 | Infrastructure | Failure to use vault system | No audit trail and controlled access to secrets |
KEC2 | People | Stolen / Lost Signing Keys (malicious internal employee) | Malicious employee deletes or steals the signing keys |
KEC3 | People | Stolen / Lost Signing Keys (malicious internal employee) | Malicious employee gets access to the unencrypted signing keys |
KEC4 | People | Stolen / Lost Signing Keys (External Hacker) | Malicious external hacker deletes signing keys |
KEC5 | People | Stolen / Lost Signing Keys (External Hacker) | Stealing the signing key from the unencrypted memory of the Web3Signer, even if keys are encrypted at rest in a vault |
KEC6 | Process | Loss of Signing Keys (Operational Failure) | Signing keys are lost in an operational process |
KEC7 | Process | Privilege escalation mechanisms not prevented | Someone with access to one service/node can increase their privileges and do more harm on further nodes. |
KEC8 | Infrastructure | Failure to protect infrastructure against physical access | Someone who gains physical access to a server can have access to locally exposed ports and can access the software API |
Withdrawal Key Custody Risk
| ID | Risk Group | Risk Vectors | Risk Vector Description |
|---|---|---|---|
KEC9 | Process | Loss of Withdrawal Keys (Operational Failure) | Loss of Withdrawal Keys (Operational Failure) |
KEC10 | People | Stolen Withdrawal Keys (Internal Employee) | Stolen Withdrawal Keys (Internal Employee) |
KEC11 | People | Stolen Withdrawal Keys (External Hacker) | Stolen Withdrawal Keys (External Hacker) |
Last updated
