Managing Privileged Accounts Securely

Many projects rely on externally owned accounts (EOAs) for managing privileged functions, such as pausing contracts, upgrading systems, or handling sensitive administrative tasks. However, using EOAs for such purposes introduces significant security risks, as they are susceptible to key compromise.

Below are actionable steps to handle these accounts securely.

1. Transition Away from EOAs

  • Use Multisigs: Replace EOAs with multi-signature wallets like Gnosis Safe to distribute control among multiple stakeholders.

  • Explore DAO Governance: Implement decentralized governance where the community or stakeholders vote on critical decisions, ensuring long-term sustainability.

  • Consider MPC Wallets: Leverage multi-party computation (MPC) wallets, which distribute key control among multiple parties without relying on a single device or location. Examples include Fireblocks or ZenGo.

2. Secure Private Keys

  • Use Hardware Wallets: Store private keys in hardware wallets (e.g., Ledger, Trezor) to protect them from malware and phishing attacks.

  • Backup Keys Properly: Store encrypted backups of private keys in secure, geographically dispersed locations. Avoid cloud storage or email backups.

  • Enable Two-Factor Authentication: When using wallet applications, ensure 2FA is enabled to add an extra layer of security.

3. Restrict Privileges and Access

  • Principle of Least Privilege: Assign the minimum necessary permissions to privileged accounts. Avoid consolidating multiple critical roles under a single key.

  • Timelocks: Introduce timelocks for high-stakes operations, allowing time for community scrutiny or intervention if suspicious activity is detected.

4. Monitor and Respond to Threats

  • Activity Alerts: Set up monitoring tools to track privileged account activity. Receive alerts for any unexpected or unauthorized transactions.

  • Incident Response Plan: Define a clear response plan for compromised keys, including pausing contracts, revoking access, and redeploying affected accounts.

5. Regularly Audit Privileged Functions

  • Review Access Controls: Periodically audit the list of privileged accounts and their roles to identify unnecessary permissions.

  • Test Fail-Safes: Ensure that the process to recover or replace compromised keys is well-documented and tested.

Example Setup for Privileged Accounts

  1. Deploy a Gnosis Safe Multisig for admin functions.

  2. Use Hardware Wallets for each signer of the multisig.

  3. Define a Timelock Contract for critical operations requiring community approval.

  4. Consider transitioning governance to a DAO Framework like Aragon or Snapshot for decentralized management as the project scales.

  5. Evaluate the use of MPC Wallets to enhance security through distributed key management.

PreviousEstablish a Security CouncilNextAdd Regression Tests After Fixing Vulnerabilities

Last updated