Security Guide
Security considerations for operators running indexer and resolver services on Pons Network.
Pre-Deployment Checklist
Required
- Created dedicated wallet (not your main wallet)
- Funded wallet with ETH for gas (0.1+ ETH recommended)
- Configured RPC endpoints (with rate limiting/authentication)
- Verified contract addresses are correct
- Tested with small amounts first
Recommended
- Set up monitoring/alerting
- Configured log rotation
- Enabled firewall rules
- Set up automatic restart on failure
- Backed up wallet keys securely
Production
- Using secrets manager for private key
- Running behind reverse proxy
- IP allowlisting enabled
- Rate limiting configured
- VPN/private networking
Wallet Security
Key Management
NEVER store private keys in:
- Plain text files
- Inline environment variables in docker-compose files (use env_file instead)
- Git repositories
- Log files
DO use:
- Hardware wallets (for cold storage)
- Secret managers (AWS Secrets Manager, HashiCorp Vault)
- Encrypted environment files
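A pre-deployment check for the docker-compose item in the list above, as an added example (not Pons project code): it flags `environment:` entries with secret-looking names that carry a literal value, and ignores `${VAR}` references and `env_file`. The function name and the name pattern are assumptions, and the parser is line-based rather than a full YAML parser.

```javascript
// Added example; SECRET_NAME and findInlineSecrets are illustrative names.
const SECRET_NAME = /(PRIVATE_?KEY|MNEMONIC|SEED|SECRET|PASSWORD|API_?KEY)/i;

function findInlineSecrets(composeText) {
  const findings = [];
  let envIndent = -1; // indent of the current `environment:` key, -1 when outside one
  composeText.split('\n').forEach((raw, i) => {
    const line = raw.replace(/\s+#.*$/, ''); // drop trailing comments
    if (!line.trim() || line.trim().startsWith('#')) return;
    const indent = line.length - line.trimStart().length;
    if (/^\s*environment:\s*$/.test(line)) { envIndent = indent; return; }
    if (envIndent < 0) return;
    if (indent <= envIndent) { envIndent = -1; return; } // environment block ended
    // List form "- NAME=value" or map form "NAME: value"
    const m = line.trim().match(/^(?:-\s*)?["']?([A-Za-z_][A-Za-z0-9_]*)["']?\s*[:=]\s*(.*)$/);
    if (!m) return; // e.g. "- NAME" (passed through from the host environment)
    const [, name, rawValue] = m;
    const value = rawValue.replace(/^["']|["']$/g, '');
    // A ${VAR} or $VAR reference keeps the secret out of the compose file itself
    const literal = value !== '' && !/^\$\{?[A-Za-z_]/.test(value);
    if (SECRET_NAME.test(name) && literal) findings.push({ line: i + 1, name });
  });
  return findings;
}

// Constructed sample compose file; the key is fake.
const SAMPLE_COMPOSE = [
  'services:',
  '  resolver:',
  '    environment:',
  '      - PRIVATE_KEY=0x' + 'ab12'.repeat(16),
  '      - RPC_URL=https://rpc.example',
  '    env_file:',
  '      - ./resolver.env',
].join('\n');
console.log(findInlineSecrets(SAMPLE_COMPOSE)); // one finding, on line 4
```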
Wallet Separation
Use separate wallets for different purposes:
| Wallet | Purpose | Funding Level |
|---|---|---|
| Hot Wallet | Daily operations (gas) | 0.1-0.5 ETH |
| Fee Collection | Accumulate earned fees | Withdraw regularly |
| Cold Storage | Long-term profit storage | Hardware wallet |
Recommended Setup
```bash
# 1. Generate a new wallet for operations
cast wallet new
# 2. Store private key in secrets manager
#    (a value passed as an argument is recorded in shell history
#    and is visible in the process list while the command runs)
aws secretsmanager create-secret \
  --name pons-resolver-key \
  --secret-string "YOUR_PRIVATE_KEY"
# 3. In your service, fetch at runtime
PRIVATE_KEY=$(aws secretsmanager get-secret-value \
  --secret-id pons-resolver-key \
  --query SecretString \
  --output text)
```
Network Security
Firewall Configuration
Only expose necessary ports:
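```bash
# Allow only essential ports
ufw allow 22/tcp    # SSH (consider limiting to specific IPs)
ufw allow 8000/tcp  # P2P (if needed)
# Block admin endpoints from public
ufw deny 8645/tcp   # REST API
# Or, instead of the deny rule above, configure with IP allowlist
# (ufw applies the first matching rule, so an allow added after the deny has no effect)
ufw allow from YOUR_IP to any port 8645
```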
Running Behind Reverse Proxy
If exposing any HTTP endpoints:
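```nginx
# /etc/nginx/sites-available/pons
# Zones referenced by limit_req/limit_conn below (http context; size and rate are example values)
limit_req_zone $binary_remote_addr zone=pons:10m rate=10r/s;
limit_conn_zone $binary_remote_addr zone=pons_conn:10m;

server {
    listen 443 ssl;
    server_name resolver.yourdomain.com;
    # TLS certificate and key (placeholder paths)
    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;
    # Rate limiting
    limit_req zone=pons burst=20 nodelay;
    limit_conn pons_conn 10;
    # Only allow health checks
    location /health {
        proxy_pass http://localhost:3000/health;
    }
    # Block everything else
    location / {
        return 403;
    }
}
```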
Docker Network Security
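```yaml
# In docker-compose
services:
  resolver:
    networks:
      - internal
    # Don't expose ports to host unless needed
networks:
  internal:
    # No external connectivity: containers on this network cannot be reached from
    # outside networks and cannot reach them either. A service that must call an
    # external RPC endpoint also needs a non-internal network or a proxy on this one.
    internal: true
```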
Operational Security
Log Sanitization
Never log sensitive data:
```javascript
// BAD - logs private key
console.log('Starting with key:', process.env.PRIVATE_KEY);
// GOOD - logs only public info
console.log('Starting with address:', wallet.address);
```
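A logging wrapper that enforces the rule above, as an added example (not Pons project code). Private keys and transaction hashes are both 64 hex characters, so masking by shape would also hide the hashes needed for debugging; this version masks the exact secret values it is given, plus any field whose name looks sensitive. The function names and the field-name pattern are assumptions.

```javascript
// Added example; names are illustrative and not part of the Pons code base.
// Fields with these names are always masked, whatever they contain.
const SENSITIVE_KEY = /(private[_-]?key|mnemonic|seed|secret|password|api[_-]?key)/i;
const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

function makeRedactor(secretValues) {
  // Match each known secret exactly, with and without the 0x prefix.
  const needles = new Set();
  for (const v of secretValues) {
    if (typeof v !== 'string' || v.length < 16) continue; // skip unset/short values
    needles.add(v);
    needles.add(v.startsWith('0x') ? v.slice(2) : '0x' + v);
  }
  const patterns = [...needles]
    .sort((a, b) => b.length - a.length) // longest first, so the 0x form is masked whole
    .map((n) => new RegExp(escapeRe(n), 'gi'));
  const scrubString = (s) => patterns.reduce((out, re) => out.replace(re, '[REDACTED]'), s);

  const scrub = (value, seen = new WeakSet()) => {
    if (typeof value === 'string') return scrubString(value);
    if (value instanceof Error) return `${value.name}: ${scrubString(value.message)}`;
    if (value === null || typeof value !== 'object') return value;
    if (seen.has(value)) return '[Circular]'; // object already visited
    seen.add(value);
    if (Array.isArray(value)) return value.map((v) => scrub(v, seen));
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_KEY.test(k) ? '[REDACTED]' : scrub(v, seen);
    }
    return out;
  };
  return scrub;
}

// Wrap a sink (console.log by default) so every argument is scrubbed first.
function makeLogger(scrub, sink = console.log) {
  return (...args) => sink(...args.map((a) => scrub(a)));
}

// Constructed sample values: a fake key and a fake transaction hash.
const DEMO_KEY = '0x' + 'ab12'.repeat(16);
const DEMO_TX = '0x' + 'cd34'.repeat(16);
const log = makeLogger(makeRedactor([DEMO_KEY]));
log('Starting with key:', DEMO_KEY);                      // key is masked
log('Submitted', { tx: DEMO_TX, privateKey: DEMO_KEY });  // tx hash is kept
```

In a service, the list passed to `makeRedactor` would be the secret values loaded at startup, for example the key fetched from the secrets manager.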
Automatic Updates
Keep your resolver updated:
```bash
# Add to crontab for daily updates
0 0 * * * cd /path/to/resolver && git pull && npm run build && pm2 restart all
```
Resource Limits
Prevent resource exhaustion:
```yaml
# In docker-compose
services:
  resolver:
    deploy:
      resources:
        limits:
          cpus: '2'
          memory: 4G
        reservations:
          cpus: '0.5'
          memory: 1G
```
Backup and Recovery
```bash
# Backup logs and state regularly (in a crontab, % must be escaped as \%)
0 */6 * * * tar -czf /backups/pons-$(date +\%Y\%m\%d-\%H\%M).tar.gz /app/logs
# Keep backups for 30 days
find /backups -name "pons-*.tar.gz" -mtime +30 -delete
```
Configuration Guide
Minimum Fee Settings
Set fees to avoid dust attacks and ensure profitability:
| Setting | Recommended Value | Purpose |
|---|---|---|
| MIN_INDEXER_FEE | Set based on gas costs | Covers indexing gas |
| MIN_RESOLVER_FEE | Set based on gas costs | Covers execution gas |
| MIN_PROFIT_BPS | 10 (0.1%) | Ensures profit margin |
Concurrent Jobs
Balance throughput vs. resource usage:
| Environment | MAX_CONCURRENT_JOBS | RAM Needed |
|---|---|---|
| Low (VPS) | 2-3 | 1 GB |
| Medium | 5 | 2 GB |
| High | 10-20 | 4+ GB |
Historical Scanning
Configure based on your uptime:
```bash
# If you have stable uptime
HISTORICAL_SCAN_ENABLED=true
HISTORICAL_TIME_WINDOW_MS=3600000    # 1 hour
HISTORICAL_SCAN_INTERVAL_MS=300000   # 5 minutes
# If you restart frequently
HISTORICAL_TIME_WINDOW_MS=86400000   # 24 hours
```
Monitoring and Alerting
Key Metrics to Monitor
Health
- Service uptime
- Connection count
- Memory usage
Performance
- Messages processed/hour
- Success rate
- Average processing time
Security
- Failed transactions
- Invalid message rate
- Unusual activity patterns
Alert Conditions
Set up alerts for:
| Condition | Threshold | Action |
|---|---|---|
| Service down | > 5 min | Page on-call |
| Low balance | Less than 0.05 ETH | Refill wallet |
| High error rate | > 20% | Investigate |
| Memory usage | > 80% | Scale up |
Incident Response
If Compromised
- Immediate: Stop the resolver service
- Contain: Revoke any API keys
- Assess: Check wallet transactions
- Recover: Create new wallet, rotate keys
- Report: If network-wide, contact Pons team
Contact
For security issues:
- Email: security@pons.sh
- Discord: #security channel
Summary
Running a Pons operator is similar to running any blockchain infrastructure. Key points:
- Use dedicated wallets: Never your main wallet
- Set reasonable fees: Avoid dust attacks
- Monitor your service: Know when things go wrong
- Keep updated: Security patches are important
- Separate concerns: Hot wallet, cold storage, profits
The Pons Network is designed with defense-in-depth. By following these guidelines, you minimize your risk while participating in the network.