Request for Feedback: Emergency alerting system for dYdX Chain Validators

dYdX_Ops_subDAO · March 29, 2024, 8:10pm

Summary:

In order to better prepare for handling unforeseen events related to the dYdX Chain, the dYdX Ops subDAO suggests implementing an alerting system utilizing cryptographically signed emails, sent to a high-voting-power subset of the active validators.

We envision that, at least initially, the alerts will aim at drawing the validators’ operators attention to the emergency-related discussion on Slack channels.

This request for feedback puts forward for discussion the initial set of parameters and tooling for achieving this alerting system.

Introduction:

Inspired by Axelar’s Messaging Scheme we found the necessity of building and open-sourcing a tool that could notify a subset of Validators via PGP-signed emails (a.k.a. the Signotifier - details below).

The dYdX Ops subDAO has been relentless in its efforts to clarify the importance of the dYdX v4 Software Terms of Use to anyone who operates the software. This initiative is aligned with those efforts. The alerting system is unable to send alerts to validators who have yet to explicitly accept the Terms of Use. Therefore, we cannot add validators to the list of alert recipients in a permissionless manner.

Specification:

Validator Application Process:

We intend to adopt the procedure currently used for registering with Slack Connect and create a unified Google Form. This form will enable dYdX Chain Validators to:

(Mandatory) Accept the dYdX v4 Terms of Use, providing the Entity Name, Location of Entity, and the Name of the individual confirming acceptance.
(Optional) Provide up to three emails to be invited to the Discussion and Updates Slack Connect channels.
(Optional) Specify an email to receive emergency alerts from Signotifier.

Tooling:

Signotifier is an innovative AWS Lambda function designed to sign and send encrypted messages via email, ensuring critical alerts are securely communicated.

We invite the community to engage with Signotifier, explore its functionalities, and consider its application beyond validator notifications. Your insights and suggestions are invaluable as we strive to enhance communication and security within the dYdX ecosystem. Feedback on implementing numbers, potential additional uses for the tool, and general thoughts are highly appreciated.

Specifications:

Signatures are based on RSA 4096.
Invocation is done via a JSON API.
Signed messages are broadcast via email.
Deployment is done via Terraform.
For higher accessibility, verification instructions are automatically attached to each message.

Next Steps:

Collect feedback from the dYdX Community on the approach and tooling - until Apr 6, 2024
Publish the form for collecting emails designated for alert notifications - on Apr 8, 2024
Fine-tune the setup with test alerts - from Apr 15, 2024 to Apr 19, 2024
Move to live mode (and hopefully never need to use the alerting system) - Apr 22, 2024

Resources:

GitHub Repository: Signotifier on GitHub

Detailed Setup and Usage Instructions: AWS Setup Guide, Lambda Invocation

0xajs · March 29, 2024, 9:05pm

I enjoy reading how dynamically dYdX is developing,
Safety can never be enough

Govmos · April 3, 2024, 3:58pm

On behalf of the PRO Delegators’ team, we are fully supporting this initiative. We’ve long advocated for addressing security concerns across the entire Cosmos ecosystem. Our node operators have actively contributed suggestions in Slack channels, and it’s gratifying to see these discussions translating into tangible actions today.

The introduction of this feature addresses crucial vulnerabilities, especially during emergency situations where swift operator response is essential. Encrypted and secure communication in such critical moments is vital to eliminate any potential security flaws.

This proposal marks a positive step in the right direction. While further improvements are necessary in the long term, we’re encouraged by this initial progress. Naturally, we will follow the application process to participate in this program.

Thanks for the efforts.
Govmos.

dYdX_Ops_subDAO · April 9, 2024, 9:50pm

Hello dYdX Community and @Validators

We are grateful for your feedback and input on this initiative.

The new dYdX Chain Compliance and Collaboration Form can be found here: https://forms.gle/D775kC8DGFzpAh136

We also would like to follow up on a few of the deadlines we provided above, due to recent circumstances we decided to shift them by a week, these being:

Tool testing and tuning between April 22nd and April 26th, 2024
Go live on April 29th 2024

Thank you once again for the feedback and trust in such initiatives, we look forward to keep improving and providing helpful resources to the dYdX Chain Community and Validators.

dYdX Ops SubDAO

Topic		Replies	Views
dYdX Ops subDAO Community Update #2 Operations subDAO community-input , update	0	483	June 17, 2024
Fix the v2 emergency upgrade jailings Proposals	13	3800	January 5, 2024
Validator Introduction: STC Capital Validators	0	449	July 27, 2023
A Take on Good Practices for dYdX Chain Validators and Stakers dYdX Chain	14	3492	October 18, 2023
dYdX Chain Protocol v4.0 Upgrade Proposal is LIVE! dYdX Chain protocol-upgrade , community-input , update	3	906	April 12, 2024