Wallet and private key security
All contract-administration privileges that depend on wallet keys are managed with Safe multisig wallets.
- High-risk actions—upgrades, parameter changes, permission changes—must be proposed through Safe multisig and executed only after required signatures
- Multisig reduces single-point mistakes or single-key compromise and keeps governance reviewable and transparent
Reporter service keys are held in AWS KMS and signing runs inside a TEE (Trusted Execution Environment):
- Reporter keys are generated, stored, and used inside KMS and the TEE; external systems and staff cannot access or export raw key material
- Signing happens in the TEE; callers receive signatures only, not the key—reducing theft or tampering
- Together with cloud hardware security and access policies, this raises production key security and lowers leakage risk from intrusion or vulnerabilities