So, if you haven't noticed, there isn't a "forgot password" button in web3 yet, and where one exists it is usually a centralised, trusted provider offering that service. But what if that weren't the case? What if we could have a decentralised, trustless wallet recovery system powered by smart contracts? That is what I propose here.
In 2021, NEAR Wallet implemented something like this: it used a centralised OTP email server, and the private key was stored, encrypted, on their server. Soon enough a social engineering attack compromised the email server and thousands of customer wallets were compromised. TON wallet is currently doing the same thing, and hence is not a non-custodial option. Then there are MPC wallets, which can be seen as partially custodial and are not interoperable with normal wallet standards; MPC wallets still require a central party to be present.
We use DKIM signature verification to verify emails, and vetKeys to store end-to-end encrypted seed phrases. The encrypted seed phrase can only be decrypted if the user submits a DKIM-signed email that verifies against the sending provider's published key. This gives us a wallet recovery mechanism. Two details matter for the contract: a DKIM signature is produced by the sending domain, so the recovery identity has to be bound to the signed From address (with the signature's d= domain aligned to it), not to the To address; and the one-time code has to sit inside the signed part of the message, such as the Subject header, so it cannot be added after signing. The "copy of the email" in the steps below therefore means the raw message with its headers (the mail client's "show original" or a .eml file), not a screenshot or a forwarded body.
Registration:
- The user clicks register and is shown a 5-digit code that expires in 5 minutes.
- The user is instructed to provide a copy of an email that contains those 5 digits.
- The user sends themselves an email containing the code from the address they want to use for recovery.
- The user submits the copy of that email, as retrieved from the recovery mailbox.
- The user enters the secret phrase, which is stored encrypted.

Recovery:
- The user enters the recovery email address.
- After checking that the address is registered, a 5-digit code is shown.
- The user submits a copy of an email from the recovery address that contains those 5 digits.
- The smart contract verifies the email using DKIM and returns the encrypted phrase.