Account ownership recovery sdk built on top Universal Profiles and on Lukso Testnet
Live example: Youtube:
-
- Github Profile: Naftali Murgor
- email: murgornaftali@gmail.com
- Github Profile: Collins Hue
Installation
yarn add lsp-social-recovery
or if using npm
npm install --save lsp-social-recovery
Install web3 too if not yet already.
This sdk builds on the Lukso Testnet and uses Universal Profiles Browser extension Universal Profiles Browser Extension please extension is installed to continue.
To use the SDK:
import SocialRecover from 'lsp-social-recovery'
const providerUrl = 'https://rpc.l16.lukso.network'
const provider = new HDWalletProvider({
privateKeys: [process.env.PRIVATE_KEY],
providerOrUrl: providerUrl,
pollingInterval: 18000,
shareNonce: false
})
const options = {
provider: provider,
account: '0x508234eA0600b837CD70332ab342f9BB3B4fF900'
}
const accounts = await window.ethereum.request({ method: 'eth_requestAccounts' })
// or
const options = {
provider: window.ethereum
account: accounts[0]
}
const socialRecovery = new SocialRecovery(options)
const main = async () => {
const superGuardians = []
try {
await socialRecovery.deploy()
// set secret phrase
socialRecovery.setSecretPhrase('a secret phrase')
// save privateKey
socialRecovery.setPrivateKey(privateKey)
// add super guardians
socialRecovery.addSuperGuardians(superGuardians)
} catch(err) {
console.err(err)
}
}
a. Signature submission and verification
First strategy in recovering account ownership after initialization is to let added superGuardians
sign messages and submit the message to be stored in the contract:
const messageHash = web3.utils.sha3(message)
const signature = web3.eth.accounts.sign(messageHash)
await socialRecovery.addGuardianSignature(superGuardian: Address, signature: string)
Note: All guardians must submit a signed message to be used to recover the account in future.
b. Verifying signature To recover the account, all superGuardians must verify their signatures individually:
// guardian1
await socialRecovery.verifySignature(messageHash, signature)
// guardian2
await socialRecovery.verifySignature(messageHash, signature)
// guardian3
await socialRecovery.verifySignature(messageHash, signature)
// all after signature verifications, recover account privateKey
await socialRecovery.recoverPrivateKey(secretPhrase)
All signature verification request must be initiated by the individual
superGuardian
Universal Profiles
Another strategy is using vote-based method to recover universal account ownership based on LSP11BasicSocialRecovery
await socialRecovery.setScret('a secret')
await socialRecovery.addGuardian(guardianAddress)
await socialRecovery.voteToRecover(recoverProcessId)
// after guardian voting:
await socialRecover.recoverOwnership()
Setup
Clone this repo:
git clone https://github.com/naftalimurgor/social-recovery-js
Install dependencies:
cd social_recovery/
yarn install
Build
To build
yarn build
Test
To run the tests
yarn test
Contributing
Contributions welcome! Feel free to create a new issue or submit a Pull Request.