Validator Security & Operations

Vixello Security & Operational Practices

At Vixello, we operate our validators with a strong emphasis on security, reliability, and transparency. This document outlines the policies, controls, and operational standards we follow to ensure that our validators operate in the best interests of all the networks we validate on.

Key Security Principles

Key Management

  • Identity Keypair: Used only for block signing; never exposed publicly.
  • Vote Account Keypair: Stored securely and used only by the validator process.
  • Withdraw Authority Keypair: Stored offline in cold storage; used only when necessary for validator maintenance.

All private key material is encrypted at rest and access is strictly limited.

Infrastructure Security

All our validators are hosted in a secure infrastructure with the following controls:

  • Enterprise-grade virtualization with strict access control
  • Redundant networking and power
  • Hardened Linux server (Ubuntu LTS)
  • Only required ports forwarded (UDP 8000–8020, TCP 8899)
  • Host firewall and provider security group locking down unnecessary traffic

Validator Process Isolation

The validator processes run under a dedicated non-privileged user. Logs and data directories are owned by this user and protected. Furthermore, the following checks are performed regularly:

  • Backups of the ledger/account data are performed
  • Resource limits set to avoid CPU/RAM exhaustion

Monitoring & Alerting

We use multiple monitoring layers to ensure uptime and performance:

  • System-level monitoring (disk, CPU, memory)
  • Validator performance monitoring (skip rate, vote latency)
  • Real-time alerting (Slack/Email/Telegram) for critical events
  • External uptime checks

Our team is located in multiple timezones, ensuring responses to alerts within 15 minutes, 24x7.

Upgrade & Patch Management

Whenever a new upgrade/update is rolled out, we ensure to implement it within a 12-24h timeframe. We also follow a periodic protocol for this:

  • Weekly maintenance windows
  • Prompt application of security updates
  • Validator processes kept updated with future releases
  • Testing on staging environments before production upgrades
  • Dependencies (OS, libs, runtime) are updated according to best practices

Operational Transparency

We publish key performance and uptime metrics via public dashboards:

  • Validator performance (skip rate, root distance)
  • Vote credits
  • Validator uptime
  • MEV participation (if applicable)

Links to these are available on our app listing.

Incident Response & Reporting

Any incident impacting validator behavior is handled according to our incident process:

  • Detect and assess
  • Communicate to stakeholders
  • Contain and mitigate
  • Publish post-mortem on our site

Contact us at: security@vixello.com

Responsible Participation

We are committed to:

  • Contributing to network health
  • Avoiding consensus-breaking modifications
  • Responding to validator upgrades in a timely manner
  • Ensuring MEV participation stays within community best practices

Governance & Documentation

Our operational policies are documented and versioned:

  • Internal SOPs (Secure key handling)
  • Patch and upgrade logs
  • Performance tuning logs
  • Monitoring and alert documentation

These are available upon request to delegators.

Our Commitment

At Vixello, we believe decentralization is only as strong as its stewards. We operate our validators with discipline, transparency, and a focus on the long-term health of all the networks we validate on.