How Everstake Ensures Security: From Blockchain R&D to Keys Management

This article looks closely at Everstake’s process of choosing new blockchains to work with and securing its operations, including technical, legal, and other important notions.

DEC 06, 2022

Last updated DEC 06, 2022 · V1

Being a responsible validator entails much work, but what is the responsibility in question? First and foremost, it’s the responsibility before users and partners, which means it’s the validator’s duty to ensure every blockchain it works with is an honest, efficient ecosystem. And this, in turn, means extensive research of various aspects of a candidate blockchain. 

How Does Everstake Review Blockchains to Work With?

Before we conclude a partnership with a blockchain and start offering validation services, we launch due diligence exploring both the legal and technical sides of the potential partner. Even though we can’t disclose the full procedure for understandable reasons, it follows the lines described below.

What Everstake’s Security Department Checks Before Partnering With a Blockchain

First, we do mostly the same thing any responsible person would do before buying a project’s tokens: we check the whitepaper, GitHub, and technical documents, see what kind of community has gathered around the project, and how efficient and steady the blockchain’s operation is. Then it’s time for a blockchain audit. Our DevOps thoroughly checks the blockchain and its architecture to determine if it’s safe to integrate and what rewards would be on the table if the partnership is greenlighted.

After that, we take a close look at the people behind the blockchain, which includes checking out their previous projects. This way, we make sure the project team can actually deliver what they promise. Finally, we draw up a risk matrix to assess all the potential risks associated with the blockchain, including:

  • Slashing. Since it is always the primary risk, we have insurance measures in place, including partnering with Nexus Mutual to guarantee that we can repay our customers should anything go wrong.
  • Halving issues. Not all PoS blockchains have halving (i.e., cutting staking rewards in half algorithmically), but this notion has to be accounted for nonetheless.
  • Jailing. This is a phenomenon found in Cosmos-based blockchains where a validator is temporarily laid off, mostly for causing downtime and other infrastructural disruptions.
  • Liquidity. In brief, if there are not enough buyers and sellers in the ecosystem, its liquidity is nonexistent, and it itself is on the brink of extinction, so assessing the risk of such an event is crucial. We also estimate the risks of low liquidity occurring in our cooperation with the project in question.
  • Legal risks. Obviously, the higher the chances that a regulator can shut down your partner’s project with one phone call, the higher the risks, but less rigorous jurisdictions tend to offer fewer legal safety nets. As a result, the risk estimation here is about determining whether the tradeoff between those two extremes is acceptable.
  • Community. It is also an important part of risk assessment since the community’s overall “quality” and involvement directly impact the project’s liquidity.
  • Project-specific risks. These include, for example, the chances that the project’s launch would be delayed. 

What Everstake’s R&D Also Checks Before Partnering With a Blockchain

In parallel with our Security Department, our R&D department conducts its own research of the candidate blockchain. Among other things that we cannot mention for obvious reasons, it includes the following.

  • Economic model. Everstake’s R&D scrutinizes the economic model of the blockchain, its business metrics, and other aspects to determine whether the potential cooperation is promising in financial and economic terms.
  • Project analysis. We analyze the project in terms of its investors and reliability, as well as the availability and value of its audits.
  • Marketing and community. A potential partner’s approach to marketing and community is equally important since it, in fact, signifies the company’s true policy and attitude regarding its long-term plans, reputation, and brand power.
  • Centralization. We believe that centralization is a serious risk to any blockchain’s health and sound economic performance, so it’s important to avoid situations where there are only a handful of major validators. This notion is among the most important to us while making the final decision.

How Everstake Manages the Security of Its Operations

Everstake ensures the steady operation of the validators and the safety of delegator funds. To achieve that, engineers maintain the security of nodes and keys, and our lawyers make sure the obligations are always fulfilled.

Node Security

There are three fundamental policies that Everstake uses to ensure the security of our servers.

  • The final say about the server’s state goes to trained information security experts. They make sure there are several security measures in place that have the optimal cumulative effect.
  • Everstake does its best to build the official binary in-house rather than use some existing solutions that are more generic and can therefore leave unwanted vulnerabilities and create unforeseen attack vectors.
  • Everything is always backed up, and backups are then duly encrypted to minimize the risks of their exposure to attacks or inadvertent actions with potentially harmful ramifications. 

Legal Issues

Everstake’s legal team has created very detailed Terms and Conditions for our retail customers that they must accept to use our services. As for our partners, we sign a Staking Services agreement that governs our mutual obligations and enshrines legal security mechanisms that benefit both parties.

Private Keys Management 

We use multisig and hardware security modules to work with keys. This ensures higher safety of keys even on a deactivated server that can still be attacked. Keys are also kept safe from ISP employees that could theoretically use their privileges to access them.

On top of that, Everstake uses other highly efficient measures that cannot be disclosed because of strict NDAs. Still, you can learn a bit more about ensuring security at Everstake here.
