Skip to main content

Documentation Index

Fetch the complete documentation index at: https://cobo.com/developers/llms.txt

Use this file to discover all available pages before exploring further.

Try Cobo WaaS Skill in your AI coding assistant (Claude Code, Cursor, etc.). Describe your needs in natural language to auto-generate production-ready SDK code and debug faster ๐Ÿš€
The embedded risk control mechanism is a basic risk control mechanism built into the TSS Node. It evaluates task requests based on predefined rules that cannot be customized. A task request must be approved by both the embedded risk control module (if enabled) and all configured callback servers before it can proceed.

โ€‹
Configurations

The embedded risk control module can be configured through the configs/cobo-tss-node-config.yaml file. The configuration defines rules for the following task requests:
  • Key generation (KeyGen): Creating new key shares for MPC Wallets
  • Key signing (KeySign): Signing transactions or messages
  • Key resharing (KeyReshare): Redistributing key shares among participants
Hereโ€™s an example configuration: 
embedded_risk_control_rules:
  enable: true
  key_gen:
    reject_all: false
    allow_list:
      - threshold: 2
        node_ids:
          - <Cobo TSS Node ID>
          - <ThirdParty TSS Node ID>
          - <Customer TSS Node ID>
  key_sign:
    reject_all: true
  key_reshare:
    reject_all: false
    allow_list:
      - xpubkey: <EXTENDED_ROOT_PUBKEY>
        new_threshold: 2
        new_node_ids:
          - <Cobo TSS Node ID>
          - <ThirdParty TSS Node ID>
          - <Customer TSS Node ID>
  key_share_sign:
    reject_all: true
  • enable: Enable or disable the embedded risk control mechanism
  • key_gen.reject_all: If true, reject all key generation requests
  • key_sign.reject_all: If true, reject all key signing requests
  • key_share_sign.reject_all: If true, reject all requests to sign messages for key share verification
  • key_reshare.reject_all: If true, reject all key resharing requests
  • <key_gen>.allow_list or <key_reshare>.allow_list: List of allowed key generation or resharing configurations
    • xpubkey: Root extended public key for key resharing
    • new_threshold: The new signature threshold
    • new_node_ids: Node IDs of the parties allowed in key resharing
Replace the placeholders with actual values:
  • <EXTENDED_ROOT_PUBKEY>: The MPC Walletโ€™s root extended public key
  • <Cobo TSS Node ID>: Coboโ€™s TSS Node ID
  • <Customer TSS Node ID>: Your TSS Node ID
  • <ThirdParty TSS Node ID>: A third-party TSS Node ID
To learn more about the TSS Node configuration, see Configure the TSS Node.

โ€‹
Security recommendations

  1. While the embedded risk control mechanism provides basic security, itโ€™s strongly recommended to also implement the callback mechanism for additional custom risk controls. This combination offers a more comprehensive and flexible risk management strategy.
  2. Regularly review and update your risk control configurations
  3. Test your configurations in a development environment before deploying to production

โ€‹
Next steps