Technical Dive: Social Recoverable Accounts
Overview
In this article, we will explore the concept of Recoverable Account and how it can be used using Openfort’s APIs. We will discuss the benefits of Recoverable Accounts, the design of Openfort Recovery, and what the future holds for this technology in the context of blockchain games and developers.
Understanding Social Recoverable Accounts
Recoverable Accounts are a type of smart wallets that offer a method to recover lost access to a self-custodial account when not in possession of the seed phrases. It is Ethereum co-founder Vitalik Buterin's preferred method for securing a wallet.
Social Recoverable Accounts -also named social recovery- use smart contracts and Recovery Contacts (also known as Guardians) to add an additional layer of security. When a player loses access to their wallet (in this case, the private key controlling their Openfort account), they can reach out to their recovery contacts to sign a transaction to recover their wallet.
Even though guardians can sign via direct onchain transfer, with Openfort they also can leverage our API to avoid paying fees; sending the signed message for them.
Openfort Recovery Design
Openfort Recovery Design is inspired by the Social Recovery systems implemented by Argent. The owner of the wallet is always in full control, and a threshold is assigned for a minimum number of guardians to recover the wallet.
The owner can:
- Propose a new guardian.
- Cancel the proposal of a new guardian.
- Revoke a guardian.
- Cancel the revocation of a new guardian.
- Cancel the recovery mode.
- Transfer the ownership of the account (2 step process).
A guardian can:
- Start a recovery process.
- Lock and unlock the account for a period of time (
lockPeriod
).
Anyone can:
- When a guardian has been proposed for enough time (
securityPeriod
), confirm its proposal. - When a guardian has been revoked for enough time (
securityPeriod
), confirm its revocation. - When in recovery mode, submit the list of needed signatures (from half of the guardians) to complete the recovery of the account.
Recovery Walkthrough
Given a player that has already connected their self-custodial wallet and Openfort has already deployed a smart wallet, we’re looking at an example where Openfort is by default the only guardian to recover the account.
This is just for demonstration purposes. In reality the players with self-custodial wallets have full control of their smart accounts and can decide who to add or remove as guardians. As a game developer you can suggest a friendly configuration where the game is one of the guardians to ease the recoverability process of the account.
When "Start Recovery Process", this action calls the start recovery function in the contract, signaling the default Guardian (Openfort in this case) to initiate the recovery process.
Openfort (the guardian) has 2 days to complete the recovery process (gather all required signatures).Once signed, it approves the recovery process and the ownership of the account changes to the new address specified during the recovery initiation.
In the event of the owner’s private key being found or the process being started by a malicious guardian, the owner can cancel the recovery process anytime before being completed.
Trying out Openfort's Sample
For developers eager to dive into the code Openfort has made their contracts available in the Openfort Contract Repository and the sample.
To get started with the sample:
- Clone the Sample Repository: This is the first step to accessing the sample code.
- Setting up the Environment: Before diving into the code, ensure you've set up the environment correctly. Create the
.env
file from the.env.loca
example and populate it with the necessary information. All the required details can be fetched from the Openfort dashboard. - Starting the Sample Application: Once everything is set up, execute
yarn
and thenyarn start
to get the sample application running.
Wrapping up
Excited to use recoverable accounts in your game? Let's get started by looking at our documentation and our video walkthrough for more.
If you have more questions/ideas/queries, join our Developer Discord and let us know there. Furthermore, you can follow us on Twitter for our updates as we keep shipping.