Custody Model

PrimeStaking operates a non-custodial, smart contract-based custody model. Validator keys and staked assets are managed entirely by audited on-chain contracts - no human interaction in custody flows.

Design Principles

Principle

Implementation

Non-custodial

Users retain full ownership of assets at all times

Permissionless

Anyone can verify validator state and staked assets on-chain

Trustless

No single entity controls validator keys - the protocol enforces custody rules through code

Transparent

All custody operations are logged on the blockchain

How It Works

Validator Key Management

Validator keys are generated and secured by on-chain smart contracts
No human operator has direct access to private keys
Key rotation and management are governed by contract logic

Staked Asset Custody

User XDC deposits are held in the Liquid Staking Pool contract
The contract delegates staked XDC to validators programmatically
Withdrawal requests are processed through the contract's redemption queue
At no point does a human operator have discretionary control over user funds

Two Distinct Layers

It is important to distinguish between asset custody and contract governance:

Layer

Mechanism

Human Involvement

Validator key custody

Fully on-chain, smart contract-managed

None - trustless by design

Contract upgrades

Multisig with timelock

Yes - multi-party approval required for any code changes

Validator keys and user funds are secured by code with zero human access. Contract upgrades (bug fixes, parameter changes) require a separate multisig governance process with mandatory timelock delays.

→ Governance Details

Institutional Considerations

Question

Answer

Who controls the masternodes?

Smart contracts manage validator operations programmatically

Who signs upgrades?

Multisig governance with timelock (see Governance)

Is there a multisig?

Yes - contract upgrades require multi-party approval

Is there a timelock?

Yes - upgrade execution is delayed to allow review

Who controls the treasury?

Protocol treasury is governed by multisig with transparent on-chain operations

Is there automated reporting?

Yes - all staking, reward, and withdrawal events are indexed on-chain

Audit & Collaboration

The custody model is developed in collaboration with:

Nethermind - smart contract development and security review
XDC Core team - network-level validator integration
QuillAudits - independent external audit (98.8% score on staking contracts)

A dedicated audit of the custody contracts is in progress. Full results will be published upon completion.

Risk Mitigation

Risk

Mitigation

Smart contract exploit

Independent audits, reentrancy guards, pausable contracts

Validator downtime

Multi-validator delegation, performance monitoring

Unauthorized upgrades

Multisig + timelock governance

Key compromise

On-chain key management - no human access to private keys

Delayed withdrawals

Transparent queue processing with predictable timelines (~31 days)

What This Means for Partners

No third-party custodian risk - assets are secured by code, not by an institution
Verifiable at any time - on-chain state is the single source of truth
No operational dependency - the protocol operates autonomously once deployed
Institutional-grade transparency - full auditability aligned with exchange compliance requirements

PreviousArchitecture NextIntegration Models

Last updated 3 days ago

hashtagDesign Principles

hashtagHow It Works

hashtagValidator Key Management

hashtagStaked Asset Custody

hashtagTwo Distinct Layers

hashtagInstitutional Considerations

hashtagAudit & Collaboration

hashtagRisk Mitigation

hashtagWhat This Means for Partners