I've been looking into account abstraction features and account recovery sounds like something very important to improve the user experience.
But it come with counterpart, most of theses method introduce trust and centralization in the process.
So I tried to imagine a way to recover account in a fully decentralized way.
And I found something, and I would like to share it with the community to know if it could be a good Idea or not and if it's a good one, is it already existing ?
The idea is to create a recovery contract. The contract has the right to assign a sender into authorized signers in the smart account. We can imagine to plug it to the factory or something like that.
The idea is to use 2 parameters, a recovery deposit and a a time lock duration.
To recover an account you have to send the recovery deposit to the recovery contract and wait for the time lock duration.
During timelock, the signers of the smart account can decline the claim and the recovery attempt is cancelled. Then the recovery deposit is sent to the smart account.
If nothing happens after timelock, then the claimer become a smart account signer.
The 2 parameters can be set by the owner based on his risk tolerance and his balance. A 500eth account should have a higher recovery deposit and more timelock to avoid people trying to recover it.
Hypothetically, anyone can try to recover an account but due to the deposit needed, the risk to do it will Discourage people to try it. And in case it happens, it also reward the owner as a sort of "compensation".
I also imagined some counter to fraudulent attempt like frontrun, some people can try to listen mempool to find account recovery transactions and frontrun them cause they are sure that theses account are not protected cause owner has lost access to it.
The counter is to make the process in 2 transaction:
a proof of intention sent to the recovery contract witch is just a hash of the account to recover and the address of the claimer.
The claim. In the claim function the contract will hash the sender and the account address, and if there is a matching hash in the proof of intention list, then transaction is valid.
By this way the claimer can't be frontrunned and will get access to his account before frontrunners. We can also imagine to set a limit of 1 recovery attempt at the same time to avoid people to claim just after to try to stole funds.
What do you think of this system? It could be implemented as optionnal recovery method for people who don't want to trust people to recover their account.
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments