Infrastructure controls protect the foundational systems that support the protocol: domains, web applications, cryptographic keys, off-chain services, and RPC connectivity. Weaknesses here can undermine even the strongest on-chain security.
Domain registrar accounts are hardened (hardware 2FA, restricted account recovery). Domain lock is enabled to prevent unauthorized transfers. Registrar access is limited to the minimum necessary personnel, with access logged. Expiration monitoring is in place.
Frontend and API surfaces undergo regular penetration testing. Web infrastructure uses secure-by-default frameworks with CSP headers, subresource integrity, and input validation.
Cryptographic keys for privileged operations are stored in HSMs or cloud KMS, never in plaintext, environment variables, or source control. Key generation follows a documented ceremony. A rotation schedule exists and is enforced. Access to signing infrastructure requires multi-party authorization. Backup and recovery procedures are tested on a recurring basis.
All off-chain components — cranks, keepers, liquidation bots, relayers, indexers, APIs — are enumerated with their availability requirements and failure impact documented. Services run with redundancy and failover. Secrets management uses dedicated tooling (Vault, cloud-native KMS), not shared credentials. Server and container access follows the principle of least privilege with audit logging. Cloud infrastructure configuration is reviewed for misconfigurations (public buckets, overly permissive IAM).
RPC provider strategy is documented: self-hosted, third-party, or hybrid. Single-provider dependencies are avoided on critical paths. Fallback RPC endpoints are configured and tested. Rate limits and provider SLAs are understood relative to the protocol's throughput requirements. Validator client diversity considerations are documented where relevant.