🦆
D.U.C.K. - Knowledge Base
  • D.U.C.K. Knowledge Base
    • 🦆Introduction
    • 🤝Contributors
    • 🎯Journey ahead
    • ℹ️Structure Overview
  • Risk Framework
    • ℹ️Risk Framework
    • Risks
      • Slashing (SLS)
      • Downtime (DOW)
      • Key Compromises (KEC)
      • General Infrastructure (GIR)
      • Service Partner Specifics (SPS)
      • Reputation (RER)
    • Risk Management Procedures
    • Risk Assessment Procedures
    • Review & Audit Procedures
    • Templates
      • Risk Register
      • Incident Response Plan
  • Mitigation & Controls Library
    • ℹ️Mitigation & Controls Library
    • Mitigation Strategies
    • Controls Catalog & Best Practices
    • Implementation Guidelines
    • Collection of Tools, Scripts & Templates
  • Communications Toolkit
    • ℹ️Communication Toolkit
    • Stakeholder Strategy
      • Stakeholder Overview
      • Ecosystem Touchpoints
      • Stakeholder Management
    • Incident Communication Protocols
    • Templates & Toolkits
      • Stakeholder Map
      • Stakeholder Register
      • Post-Mortem Analysis
      • Tools
    • Ecosystem Blueprint
      • Large Node Operator
Powered by GitBook
On this page
  • Validator Key Custody Risk
  • Withdrawal Key Custody Risk

Was this helpful?

Edit on GitHub
  1. Risk Framework
  2. Risks

Key Compromises (KEC)

Losing access to critical system components.

PreviousDowntime (DOW)NextGeneral Infrastructure (GIR)

Last updated 1 year ago

Was this helpful?

Validator Key Custody Risk

ID
Risk Group
Risk Vectors
Risk Vector Description

KEC1

Infrastructure

Failure to use vault system

No audit trail and controlled access to secrets

KEC2

People

Stolen / Lost Signing Keys (malicious internal employee)

Malicious employee deletes or steals the signing keys

KEC3

People

Stolen / Lost Signing Keys (malicious internal employee)

Malicious employee gets access to the unencrypted signing keys

KEC4

People

Stolen / Lost Signing Keys (External Hacker)

Malicious external hacker deletes signing keys

KEC5

People

Stolen / Lost Signing Keys (External Hacker)

Stealing the signing key from the unencrypted memory of the Web3Signer, even if keys are encrypted at rest in a vault

KEC6

Process

Loss of Signing Keys (Operational Failure)

Signing keys are lost in an operational process

KEC7

Process

Privilege escalation mechanisms not prevented

Someone with access to one service/node can increase their privileges and do more harm on further nodes.

KEC8

Infrastructure

Failure to protect infrastructure against physical access

Someone who gains physical access to a server can have access to locally exposed ports and can access the software API

Withdrawal Key Custody Risk

ID
Risk Group
Risk Vectors
Risk Vector Description

KEC9

Process

Loss of Withdrawal Keys (Operational Failure)

Loss of Withdrawal Keys (Operational Failure)

KEC10

People

Stolen Withdrawal Keys (Internal Employee)

Stolen Withdrawal Keys (Internal Employee)

KEC11

People

Stolen Withdrawal Keys (External Hacker)

Stolen Withdrawal Keys (External Hacker)