Technical Dive: Recoverable Accounts

Joan Alavedra
Group 385.svg

Overview

In this article, we will explore the concept of Recoverable Account and how it can be used using Openfort’s APIs. We will discuss the benefits of Recoverable Accounts, the design of Openfort Recovery, and what the future holds for this technology in the context of blockchain games and developers.

Understanding Recoverable Accounts

Recoverable Accounts are a type of smart wallets that offer a method to recover lost access to a self-custodial account when not in possession of the seed phrases. It is Ethereum co-founder Vitalik Buterin's preferred method for securing a wallet.

Recoverable Accounts -also named Social Recovery Accounts- use smart contracts and Recovery Contacts (also known as Guardians) to add an additional layer of security. When a player loses access to their wallet (in this case, the private key controlling their Openfort account), they can reach out to their recovery contacts to sign a transaction to recover their wallet.

Even though guardians can sign via direct onchain transfer, with Openfort they also can leverage our API to avoid paying fees; sending the signed message for them.

Openfort Recovery Design

Openfort Recovery Design is inspired by the Social Recovery systems implemented by Argent. The owner of the wallet is always in full control, and a threshold is assigned for a minimum number of guardians to recover the wallet.

RECOVERY1.svg

The owner can:

  • Propose a new guardian.
  • Cancel the proposal of a new guardian.
  • Revoke a guardian.
  • Cancel the revocation of a new guardian.
  • Cancel the recovery mode.
  • Transfer the ownership of the account (2 step process).

A guardian can:

  • Start a recovery process.
  • Lock and unlock the account for a period of time (lockPeriod).

Anyone can:

  • When a guardian has been proposed for enough time (securityPeriod), confirm its proposal.
  • When a guardian has been revoked for enough time (securityPeriod), confirm its revocation.
  • When in recovery mode, submit the list of needed signatures (from half of the guardians) to complete the recovery of the account.

Recovery Walkthrough

Given a player that has already connected their self-custodial wallet and Openfort has already deployed a smart wallet, we’re looking at an example where Openfort is by default the only guardian to recover the account.

RECOVERY2.svg

This is just for demonstration purposes. In reality the players with self-custodial wallets have full control of their smart accounts and can decide who to add or remove as guardians. As a game developer you can suggest a friendly configuration where the game is one of the guardians to ease the recoverability process of the account.

When "Start Recovery Process", this action calls the start recovery function in the contract, signaling the default Guardian (Openfort in this case) to initiate the recovery process.

Openfort (the guardian) has 2 days to complete the recovery process (gather all required signatures).Once signed, it approves the recovery process and the ownership of the account changes to the new address specified during the recovery initiation.

In the event of the owner’s private key being found or the process being started by a malicious guardian, the owner can cancel the recovery process anytime before being completed.

Trying out Openfort's Sample

For developers eager to dive into the code Openfort has made their contracts available in the Openfort Contract Repository and the sample is here.

To get started with the sample:

  • Clone the Sample Repository: This is the first step to accessing the sample code.
  • Setting up the Environment: Before diving into the code, ensure you've set up the environment correctly. Create the .env file from the .env.loca example and populate it with the necessary information. All the required details can be fetched from the Openfort dashboard.
  • Starting the Sample Application: Once everything is set up, execute yarn and then yarn start to get the sample application running.

Wrapping up

Excited to use recoverable accounts in your game? Let's get started by looking at our documentation and our video walkthrough for more.

If you have more questions/ideas/queries, join our Developer Discord and let us know there. Furthermore, you can follow us on Twitter for our updates as we keep shipping.