Proposal for a Social Recovery Plugin #3

Open
armanmamyan opened this issue Dec 6, 2024 · 3 comments


@armanmamyan

What features do you need for your requested plugin?

The proposed Social Recovery Plugin should have the following features:

  1. Guardian-Based Recovery:

    • Allow users to define a set of "guardians" (addresses) during account initialization or later.
    • Guardians can initiate and approve a recovery process to replace the current account owner if access is lost.
  2. Threshold for Recovery:

    • A minimum number of guardian approvals (e.g., majority or predefined threshold) is required before recovery is finalized.
    • The threshold should be configurable during plugin initialization.
  3. Recovery Delay:

    • Introduce a delay period (e.g., 48 hours) after recovery is initiated, during which the current account owner can cancel the recovery if unauthorized.
  4. Owner Override:

    • Provide the current account owner the ability to cancel any ongoing recovery processes.
  5. Multi-Signature Support:

    • Optionally allow guardians to act as a multi-signature group for certain operations, not just recovery.
  6. Permission Management:

    • Allow users to add, remove, or replace guardians over time through secure processes.

What problems will this plugin solve?

  1. User-Friendly Recovery: Reduces the reliance on centralized custodians or backup systems, providing decentralized yet user-friendly account recovery.
  2. Enhanced Security: A multi-signature recovery process with thresholds and delays reduces the risk of unauthorized account takeovers.
  3. Improved Modularity: Establishes a standardized approach to social recovery within the ERC-6900 modular framework, benefiting wallet developers and users.

Please describe, or link to, the project that needs this plugin.

The plugin will integrate into modular wallets such as those leveraging ERC-6900, Account Abstraction (ERC-4337), or other similar frameworks. These wallets allow decentralized applications (dApps) to provide secure, flexible, and user-friendly account management without compromising security or decentralization.

Self-Custodial Wallets: A social recovery mechanism lowers this barrier by enabling a guardian-based recovery process, which balances decentralization with usability.

Target Audience:

  1. Users: Self-sovereign users who want decentralized control with fallback recovery options.
  2. Developers: Wallet developers looking to integrate standardized, pluggable recovery mechanisms.
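An off-chain Python model of the recovery rules listed in the proposal above (guardian threshold, delay after initiation, owner cancel, guardian removal). It is an added example, not code from this repository, ERC-6900 or any existing plugin; the class and method names are hypothetical, and counting only approvals from current guardians at finalization is an assumption of the example.

```python
from dataclasses import dataclass
from typing import Optional

class RecoveryError(Exception):
    """Raised when a call violates the recovery rules."""

def require(cond, msg):
    if not cond:
        raise RecoveryError(msg)

@dataclass
class SocialRecovery:  # hypothetical model, not an ERC-6900 interface
    owner: str
    guardians: set
    threshold: int                   # approvals needed, set at initialization
    delay: int                       # seconds the owner has to cancel, e.g. 48 * 3600
    pending: Optional[dict] = None   # the single in-flight recovery, if any

    def __post_init__(self):
        require(1 <= self.threshold <= len(self.guardians), "threshold out of range")

    def approve(self, guardian, new_owner, now):
        """The first approval initiates the recovery and starts the delay clock."""
        require(guardian in self.guardians, "caller is not a guardian")
        if self.pending is None:
            self.pending = {"new_owner": new_owner, "approvals": set(),
                            "ready_at": now + self.delay}
        require(self.pending["new_owner"] == new_owner, "another recovery is pending")
        self.pending["approvals"].add(guardian)  # a set, so repeats count once

    def cancel(self, caller):
        """Owner override: drop the pending recovery."""
        require(caller == self.owner, "only the owner can cancel")
        self.pending = None

    def remove_guardian(self, caller, guardian):
        require(caller == self.owner, "only the owner can manage guardians")
        require(len(self.guardians - {guardian}) >= self.threshold, "threshold unreachable")
        self.guardians.discard(guardian)

    def finalize(self, now):
        """Anyone may call; succeeds only with enough live approvals after the delay."""
        require(self.pending is not None, "no recovery pending")
        live = self.pending["approvals"] & self.guardians  # removed guardians do not count
        require(len(live) >= self.threshold, "not enough guardian approvals")
        require(now >= self.pending["ready_at"], "delay period has not elapsed")
        self.owner, self.pending = self.pending["new_owner"], None
        return self.owner
```
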
@armanmamyan
Author

@Dan-Nolan @CodesMcCabe, I'd appreciate some thoughts about this proposal or even some guidance on how to make this work. If I manage to do it, I'd be more than happy to open a PR and make it part of the plugins list.

@armanmamyan
Author

After some research, I found out that the Rhinestone team has already created a good-to-go example contract:

https://github.com/rhinestonewtf/core-modules/blob/main/src/SocialRecovery/SocialRecovery.sol

@noam-alchemy

> I'd appreciate some thoughts about this proposal or even some guidance on how to make this work. If I manage to do it, I'd be more than happy to open a PR and make it part of the plugins list

This proposal sounds great! The functionality you detailed makes sense, and the code linked above could be a good example to operate off of. Argent and Soul Wallet are two other smart accounts that have built account recovery as well, if more examples are helpful.
