We’re thrilled to announce the initial draft of the Distributed Utilization of Configurations and Knowledge (D.U.C.K.) Initiative. 

The DUCK initiative offers open-source tools and knowledge to Lido node operators to enhance operations and mitigate risk. The initiative is pioneering a safer, more efficient staking ecosystem for the broader Web3 community. At CoGuard, we’re excited to collaborate with Quantstamp, Chainproof, Lido, Hypernative, Lionscraft, and Blockscape on this initial draft.

The Connection between Slashing & Infrastructure Configuration

Slashing continues to be an ongoing concern for staking providers. A lot of node operations are running on classical infrastructure (Web2) components such as containers, databases, and web servers.  The risk of slashing events can be significantly reduced through infrastructure design and automated scanning of infrastructure configurations. 

We’ve said it before, Web3 infrastructure is Web2 + smart contracts. And at CoGuard, we focus on discovering and providing analysis of Web2 (off-chain/classical) infrastructure and configurations (we work with experts like Quantstamp for on-chain security). Our solution scans existing deployments to discover infrastructure and application configuration. We have incorporated custom slashing rules as part of our code/configuration scanning and generalized model of infrastructure. In addition, we have partnered with Quantstamp/Chainproof to help automate the audit and analysis of diverse infrastructure to prevent slashing. A lot of the controls that affect a staking operation can be found in configuration files at each layer of the application and infrastructure. And together we provide custom rulesets that can detect misconfigurations in each layer of a containerized node operator to help prevent configurations that are susceptible to slashing. 

Web2 Infrastructure for Node Operations 

Web3 liquid staking providers and node validator provide provide easy-to-get-started Web2 container setup to run their consensus and execution clients (e.g., Lido Key Operators Service, Ethereum Launchpad, EigenLayer, RocketPool, Chainlink, Ronin, StakeWise, Eth Docker, Gnosischain, etc.). The containers include software and configurations that can be run on existing cloud/VPS infrastructure. Existing cloud providers offer node operators a cost effective and flexible choice for compute and storage resources with dedicated uptime and network performance.

The provided containers demonstrate the client flexibility and choice for node operator deployment configurations, hosting providers, consensus and execution clients. 

Slashing can occur from malicious behaviors or through infrastructure misconfiguration, whether deliberate or accidental, the end result are penalties. The most common slashing penalties are the results of over-engineering or misconfiguration of the staking environment. Common errors include: when a node operator runs identical validating keys in two or more servers; migrating to new machines without persisting the slashing protection history; and using a containerized environment without persistent volumes. 

Running classic penetration tests across a large infrastructure layer, e.g., staking validators, can prove to be infeasible. An automated whitebox-penetration testing approach offers a way to perform such security checks at scale. This same approach can be used to evaluate application and infrastructure configurations to reduce the risk of slashing. At CoGuard, our generalized infrastructure model provides flexibility and is able to support diverse deployments that may be used by different node operators. 

Infrastructure Security + Change Management

What is the greatest source of risk in node operations?  

“The way people get slashed in practice most of the time is they just make mistakes with their infrastructure.” Fraser Brown, co-founder and CTO of Cubist, DL News

There are known and unknown risks. Known risks include software bugs or reported vulnerabilities in consensus and execution clients.  The unmanaged risk lies in the setup and operations and change management of the infrastructure used to deploy the staking system. The configuration of the application layer, network layer, operating system and containerization layers often remain unchanged with default settings and unknown applications or services enabled on critical infrastructure.  

At CoGuard we believe that security requires automation of deployment and change management procedures. 

It is as simple as that. If your servers are set up manually by someone provisioning a server, ssh’ing into the server and running a couple commands, this is not scalable and is fallible to human error. 

Provisioning and setup of servers/containers needs to be done through your choice of IaC tooling (Ansible is great for bare metal or hosted servers), and changes to state need to be managed in a code repository. At CoGuard, we treat infrastructure configurations just like we treat code. We push configuration files into source control. Then carefully push change to the infrastructure layer. This allows teams to declaratively define and manage services. Automating changes to the services using their CI/CD pipeline. And allowing this code should be scanned to catch mistakes, slipups and gaps in configurations and security best practices. 

At CoGuard, we provide static analysis tools for software infrastructure automation that includes security best practices and has slashing rules for a variety of orchestration, virtualization, networking and applications. The combination of automated configuration scanning and change management processes enable rapid deployments, stable uptime and a reduced risk of slashing from misconfiguration of infrastructure. Multiple independently developed and maintained clients are part the strength of Ethereum, and providing automated tooling that supports a broad range of cloud hosts, IaC tooling, containerization and application configurations is necessary. We are committed to expanding supported applications, cloud hosting providers and IaC tools, contact us with specific tools and we can discuss prioritization. We expect the unexpected with respect to the operations, level of automation and choice of tooling and have built our rulesets and engine to be flexible and extensible. 

“CoGuard is dedicated to providing extensible, static analysis tools for configuration files of infrastructure and applications. We recognize that code review and remediation needs to adapt with teams from automated to manual. ” Elevating the Standard: A Deeper Look into CoGuard

We have partnered with Chainproof to help identify and manage the risks associated with slashing for node operators. Classical infrastructure components such as containers, databases, and web servers play a vital role in most of the Web3 stack. And together CoGuard and Chainproof are on a mission to secure the infrastructure used to the decentralized internet and the ever-evolving world of blockchain technology. And we are committed to the continued participation and contributions of the DUCK Initiative. 

How can you contribute?

The primary objective of the DUCK Initiative is to facilitate community engagement around node operator excellence.This includes tools, methodologies, information, shared experience with a variety of approaches that can be customized by node operators for with their own service delivery model. Join us in understanding and documenting the risks that node operators experience whether it’s infrastructure, configuration, software, people or other risks. We’d love for you to participate. 

For any feedback, updates, or comments please visit: https://forms.gle/RaUWtoKdNWivJb5R8