Pool setup, keys and owner and operator Questions

Hi All,
Im just going through some guides on how to setup a pool. the CoinCashew (CC) guide in particular. In the CC guide they assert that the owner and the operator in their example is the same account (or set of keys). Im getting a bit confused at trying to work out at which address the pool fee (500ADA) gets removed (or locked up) and which address needs to have that amount in it. I understand the KES, node.cert and VRF parts ok, so i dont need to go through this.

Say if i want to setup the pool where the Owner just has the pledge amount in some address and the Operator is a separate entity that has keys to an address that has the pool fee in it. (below understanding of how this would happen → need confirmation)

Also the rewards account, who own this and who generates it, the Owner or the Operator?


Ill lay out my understanding of a psudo-guide so far in a nut shell after the cold-keys have been created:

  1. Create a Owner/Operator payment.skey/vkey pair
  2. Create a Owner/Operator stake.skey/vkey pair
  3. Build a stake.addr using the stake.vkey
  4. Build a payment.addr that is a combined enterprise and reward address using the payment.vkey & stake.vkey

at this point i assume one would fund the payment.addr with an amount of ADA not less than pool_fee + pledge amount + some_tx_fees

  1. Register the stake address on chain by producing a stake.cert using the stake.vkey and submitting it to the network.
  2. Create a pool.cert (and submit it to the network) that includes the pledge amount, and is using the parameters:
--pool-reward-account-verification-key-file stake.vkey \
--pool-owner-stake-verification-key-file stake.vkey \

So the reward account is the same as the stake account?

  1. Create a delegation certificate and submit it wot the network, using the Owner/Operator stake.vkey, cold node.vkey. (is this the point where the balance of address associated with the stake.vkey is checked for the pool_fee ?)


How would if look if i wanted the Operator and Owner to be separate? do i just create an

Owner payment.skey/vkey & stake.vkey/skey pair and an Operator payment.skey/vkey & stake.vkey/skey pair and build:


Then make sure the operator_payment.addr has the pool_fee in it
and make sure the owner_payment.addr has the pledge amount in it

Then register both stake address (owner_stake.cert & operator_stake_cert) ?

When at step 6, i only use the operator_stake.vkey when generating the pool.cert
when at step 7, i only use the owner_stake.vkey when creating the delegation.cert

Thanks for the help all

A pool can have multiple owners, but only a single reward account. All pool rewards (i.e. fix + margin) go to the reward account. The delegator rewards for the owner account(s) go to reward account as well. There must be sufficient trust between the owners and whoever controls the rewards account, so that the owners actually do get rewards.

The owner account(s) need to get witnessed the reward account does not. When you want to change the pool config you need to send it to all owners, to have it signed - the pool itself needs to sign too. Like this …

Hi @tomdx ,
Thanks for the reply, So when constructing the delegation.cert, i can just pass the outout of this tx.raw around to various owners and get them to witness it with their stake.vkey and send me back their witness file, where i use their witness files and construct the final tx and submit it to the network?

Im a little confused how just witnessing it (the tx.raw) with a stake.vkey, results in the stake/pledge getting picked up across all the owners accounts and getting accredited to the total pool pledge?

An owner witnesses with his/her respective *.skey. The *.vkey is a public key that can be used for verification. Yes, you send the tx.raw around to get witnessed. They can do this with ADALite.

Notice, how the above uses cardano-hw-cli instead of cardano-cli. Generally, if we are talking about more ADA than you are happy to loose, you want to use a HW wallet. The pool’s cold key can nowerdays also be secured with a HW wallet.

All pool owners contribute to the pledge. It is however a property of the pool config how much the pool actually pledges - this is not automatic. As a consequence, a pool owner cannot just leave and delegate elsewhere. If the pool’s pledge is not met anymore, there will be no rewards for nobody, also not for the delegators.

If an owner wants to leave, the process is as follows …

  1. update the pool config to reduce the pledge
  2. wait until epoch N+3 (not just N+2)
  3. update the pool config again to remove the owner

Note, this also requires sufficient trust.

Hi @tomdx ,

Thanks for the reply. SO we can do multi sig/ witness of a pledge for a pool cert. But there is no way to generate and sign a multi-sig set of keys for say the rewards account associated with the pool?

The pool registration certificate contains a number of *.vkey(s) like this …

The pool’s cold key and the owner keys need to get witnessed, the reward account doesn’t.
However, if you construct the reward account address with a simple multisig script it should be possible to secure pool rewards such that the owners do not need to trust a single entity - I’ve never done that though.