VIIO - Social Recovery Key (Dapp)

We have seen that one of the main issues for mass adoption for DeFi in Latin America is the self-custody of recovery keys. Web2 users are not familiar with this method and find it very unpractical. This is especially relevant when many users tend to forget or lose the paper/cellphone in which they stored their key and end up losing access to their funds.

As a result, we want to bring a convenient and reliable recovery method for users in Latin America, so that they never lose access to their funds. We call this a Social Recovery Key which is accessible through wallet connect, simplifying the self-custody process of seed-phrases based on a social recovery method leveraging trust mediated by a Dapp/web2 app and a "Trust Contract" with which any wallet will be able to interact with.

The social recovery method consists of the following:

1. The user enters into the Dapp, registers his wallet and defines his guardians.
2. The user loses access to the seed phrase.
3. The user triggers the recovery request by inputting the new wallet address to which the "Trust Contract" will be assigned. This will reassign the owner of the "Trust Contract" and will transfer the funds from the lost wallet into the new wallet.
4. The guardians validate the recovery request (reassignment of ownership).

This recovery method will operate as a Dapp, accessible through wallet connect making this method available for users of any of the 170 other wallets supported by wallet connect.

We are convinced that by distributing trust between close individuals and by simplifying the way in which new adopters save their seed phrases, we will be able to drive adoption in Latin America and contribute to a stronger community of individuals that can rely on the immutable and transparent character of Blockchain technology.

How we built the project:

First we developed a “Trust Contract” on solidity and deployed it on Polygon. Then we established a connection with WalletConnect, so that the application could link a wallet to a user. Once that connection is established, a “Trust contract” is created using as seed a unique user ID and an additional SALT to obtain the address. As a result, the assets held by the connected wallet, will be managed by the “Trust Contract”.

Users designate guardians which can be wallets or “Trust Contracts”. The recovery method is triggered by transferring the ownership of the “Trust Contract” to a new wallet address. Guardians sign the request (current setup: 50%+1 must sign for the transfer to be approved).

These are the technologies that we used: For the “Trust Contract”: Solidity, Polygon - polygon allowed us to deploy quickly and cheaply the “Trust Contract “factory and the subsequent contracts. For the web3 wallet connection: WalletConnect (it can be done with web3auth too). Using WalletConnect allowed us to easily interact with a wide array of wallets proving that the “Trust Contract” integration was stable and that it meets the requirements. For the web3 contract call we used ethers.js and web3js.

Did you do anything particularly hacky that's notable and worth mentioning? How did you impress yourself which what your team built?

One thing that became apparent after the implementation of the social recovery method is that the trust contract behaves as a "vault" for the original wallet, effectively generating a partition that will segmentate funds at the discretion of the final user, also this "vault" gives Dapps the possibility of having a hybrid approach between a custodial wallet and a non-custodial wallet.

The “Trust Contract” and the resulting vaults, enable the possibility to weight the voting power of guardians within the recovery process. This ensures a higher standard and neutrality

Additionally, a user can designate as guardian any address, enabling a stronger layer of security that can be set up with other wallets/ vaults that he owns.

Please note that a vault can be also used as a guardian. A delegated network of guardians could be created.