Hello, friends! This is James Agenda here.
Let's talk about these two types of accounts that are required when you are staking on Polkadot or Kusama:
The Stash Account and Controller Account.
It's very important to know how to get the best out of them to improve security and avoid risks!
In short:
Stash Account: it's where you keep all the funds you want to stake.
Controller Account: it's used to control actions related to your staking (and other things).
The Stash Account will be used to bond/unbond your funds and to choose which address will be the Controller Account.
The Controller Account will be used to take actions on behalf of the bonded funds.
However, the Controller Account can't move the bonded funds out of the Stash Account.
Can both Stash Account and Controller Account be at the same address?
Yes!
You can have the same address for your Stash Account and Controller Account.
However:
Polkadot's guide explicitly recommends using separate addresses for the Stash Account and the Controller Account.
There is even a warning when bonding funds using the same address for both accounts.
Why should you use separate addresses for Stash Account and Controller Account?
The purpose of keeping the Stash Account and Controller Account on separate addresses is security.
Your Stash Account will have most of your tokens and the power to move them.
Your Controller Account will have other useful powers, like nominating validators.
But your Controller Account can't move your tokens out of your Stash Account.
You will rarely need to touch your Stash Account after you have bonded and selected the Controller Account.
Instead, you will frequently use your Controller Account.
That way, the Controller Account is the one that gets exposed, and the Stash Account stays safe.
If something happens to your Controller Account, you may change it from your Stash Account.
Benefits of using separate addresses for Stash Account and Controller Account
The most important benefit is that if someone uncovers your Controller Account's seed, they can't move your funds out of the Stash Account.
For example:
Suppose you staked 100 DOT.
You put the 100 DOT on an address that you chose to be your Stash Account.
On another address, for your Controller Account, you kept a few DOT to pay transaction fees.
After you have bonded and started staking, you no longer need to touch your Stash Account frequently.
Suppose now that you are on a trip far from your trusted computer/device that you used to stake.
You then want to change your validators (maybe because they increased the rewards commission).
For that, you may want to use a friend's computer (or even the hotel's computer).
You can do this without inserting your Stash Account seed on it!
You can change validators just using your Controller Account.
Even if the computer has a virus, and your Controller Account seed is compromised, a hacker couldn't steal your Stash Account funds.
Therefore, the Stash Account and Controller Account work together as a feature for increasing security.
Another example:
You may want to share your Controller Account with a trusted friend/partner to help you with the nominations.
There are even websites (Be careful! I didn't try it yet!) offering this kind of service.
In this case, they will not be able to "steal" your funds.
However, you must pay attention:
They can still choose bad/inactive validators, change the rewards payment destination, bond/unbond the funds, and do other actions related to your Stash Account.
Drafting a Will with Stash Account and Controller Account
Polkadot and Kusama helped me to answer an old question that I had asked myself sometimes:
What is the best way to do estate planning / draft a will using crypto?
Outside Polkadot and Kusama, I basically had 4 options on this:
Revealing my seed to my future heir (or to a lawyer).
Leave my seed hidden (like custody by a bank or in a vault).
Put my seed in a multisig arrangement.
Creating a mechanism that keeps tracking if I'm alive or not and, after my death, automatically reveals my seed to my heir.
For any of those cases, we can think of flaws:
My future heir could steal my cryptos while I'm still alive.
My future heir might never find the seed, or it might not be well hidden.
People may collude and steal my cryptos while I'm still alive.
The mechanism could fail to track if I'm really dead or to keep the seed hidden until then.
But now, on Polkadot and Kusama, I found another option that I really liked.
I'm "Drafting a Will" using Staking + separate addresses for Stash Account and Controller Account.
All I need to do is follow these few steps:
First, I put the inheritance on a Stash Account (I will never reveal the seed);
Second, I set the Rewards Payment to the Controller Account;
and finally, I reveal the Controller Account Seed to my future heir.
Now, this is how the arrangement works:
The future heir can't steal the Stash funds but can access the periodic staking rewards on the Controller Account.
When I pass away, I'm leaving a revenue stream of crypto passive income for my heir.
My heir will be able to keep controlling the nominations without using the Stash Account.
What do you think about this? Is it a good idea? Will it work?
I will ask people's opinions on this in the Polkadot/Kusama communities.
Subscribe if you want to keep updated on that.
3 Bonus Tips on Stash Account and Controller Account:
1) Keep the Stash Account on a Ledger hardware wallet...
For your Stash Account, use an address created on a hardware wallet.
It will greatly increase the security level of your funds.
And it won't cause much inconvenience, since you will rarely need to touch your Stash Account.
2) ... but not the Controller Account.
Keep your Controller Account on an address outside a hardware wallet.
It will be easier to use it (you'll need to use it more often than the Stash Account).
Also, the Ledger hardwallet doesn't sign some functions.
Therefore, a Controller Account on a Ledger hardwallet is unable to do some actions.
3) Pay attention to the existential deposit
Remember to keep at least the existential deposit on the Controller Account's address.
Otherwise, you may not receive rewards when payment is set to the Controller Account.
Also, add some more tokens to cover the Blockchain fees.
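The advice above (separate addresses, rewards paid to the Controller, existential deposit plus a fee buffer) can be turned into a check over a staking setup. This is an added example, not code from the original post or from Polkadot; the function name, field names, fee reserve, existential deposit value and sample addresses and balances are assumptions constructed for illustration.

```javascript
// Added example, not from the original post. Balances are BigInt planck.
// On a live chain the inputs would come from the staking pallet's `bonded`
// and `payee` storage and the controller's free balance; fetching them is
// left to the caller, this function only evaluates the values.
const DOT = 10n ** 10n; // 1 DOT = 10^10 planck

function auditStakingSetup(s) {
  const findings = [];
  if (s.stash === s.controller) {
    findings.push({ id: "SAME_ADDRESS", severity: "high",
      msg: "Stash and Controller share one address: the key used day to day can also move the funds." });
  }
  if (s.controllerFree < s.existentialDeposit) {
    const paidHere = s.payee === "Controller";
    findings.push({ id: "BELOW_EXISTENTIAL_DEPOSIT", severity: paidHere ? "high" : "medium",
      msg: paidHere
        ? "Rewards go to a Controller below the existential deposit: payouts may not arrive."
        : "Controller holds less than the existential deposit." });
  } else if (s.controllerFree < s.existentialDeposit + s.feeReserve) {
    findings.push({ id: "LOW_FEE_BUFFER", severity: "low",
      msg: "Controller has little above the existential deposit left for transaction fees." });
  }
  return findings;
}

// Constructed sample setups; addresses are placeholders, not real accounts.
const ED = 1n * DOT;          // assumed value: read the chain's own constant
const FEE_RESERVE = DOT / 2n; // hypothetical buffer chosen for this example
const base = { payee: "Controller", existentialDeposit: ED, feeReserve: FEE_RESERVE };
const samples = {
  sameAddress: { ...base, stash: "ADDR_A", controller: "ADDR_A", controllerFree: 101n * DOT },
  underfunded: { ...base, stash: "ADDR_STASH", controller: "ADDR_CTRL", controllerFree: DOT / 10n },
  separated: { ...base, stash: "ADDR_STASH", controller: "ADDR_CTRL", controllerFree: 3n * DOT },
};

for (const [name, setup] of Object.entries(samples)) {
  const ids = auditStakingSetup(setup).map((f) => f.id);
  console.log(name, ids.length ? ids.join(", ") : "no findings");
}
```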
Cheers! 🥂
I think it's flawed because if the controller key is compromised, it can then be used to vote on proposals which are malicious.
Rather, the system should be like a reset-keypair mechanism. Imagine every account (username) has 2 keys: Owner & Active. Now, it is recommended to use the 'Active' key. But in case you lose the 'Active' key, you can just change it using the `Owner` key (infrequent use).
Owner vs Active key: Both can do everything except for resetting keypair. `Active` keypair can't change its own keypair nor `Owner` keypair.