Skip to main content
The server co-signer solution provides two risk control mechanisms to help secure your MPC Wallets:
  1. Embedded risk control mechanism
  2. (Recommended) TSS Node callback mechanism
The embedded risk control mechanism provides basic, non-customizable rules, while the TSS Node callback mechanism enables you to implement custom risk control logic. If both mechanisms are enabled, they work together - a task proceeds only when approved by both. We recommend implementing the callback mechanism for greater flexibility in managing your MPC Wallet security.

Embedded risk control mechanism

The embedded risk control mechanism is a basic risk control mechanism built into the TSS Node. It:
  • Can be enabled or disabled through the configuration file.
  • Uses a set of predefined rules that are fixed and cannot be customized.
  • Provides a foundational layer of security for your MPC Wallet operations.
For more detail about the embedded risk control mechanism, see Embedded risk control mechanism.

TSS Node callback mechanism

The TSS Node callback mechanism provides a flexible, customizable risk control mechanism that:
  • Implements your custom risk control rules.
  • Reviews all task requests in real-time.
  • Makes approval/rejection decisions based on your business logic.
  • Communicates securely with the TSS Node using JWT authentication.
You can deploy multiple callback servers for enhanced security when you have multiple systems with different control requirements. Each callback server can have its own risk control rules, and a task request will be approved only if all configured callback servers approve. To learn more about the TSS Node callback mechanism, see TSS Node callback mechanism.

Controlled operations

Both risk control mechanisms can review and control the following task requests:
  • Key generation (KeyGen): Creating new key shares for MPC Wallets.
  • Key signing (KeySign): Signing transactions or messages.
  • Key resharing (KeyReshare): Redistributing key shares among participants.

Risk control workflow

The following diagram illustrates how the two risk control mechanisms work together: Risk control workflow When the TSS Node receives a task request:
  • If enabled, the embedded risk control module evaluates the request using its basic rules.
  • If configured, the callback risk control module sends the request to all configured callback servers.
The request proceeds only if:
  • The embedded risk control module approves (if enabled).
  • AND all configured callback servers approve.

Next steps

  1. Configure embedded risk controls
  2. Set up your TSS Node callback server
Feel free to share your feedback to improve our documentation!