Passphrase recovery DAO

[Ivshti]

Is your feature request related to a problem? Please describe. Users may forget their passphrase and the current way to reset is manual.

Implementing an automated account recovery would be a decent improvement to UX.

Describe the solution you'd like Every Identity (Account) is created so that the second controlling wallet is the AdEx recovery wallet. Replace that with a smart contract, AdExRecoveryDAO that is a basic timelock.

This contract has to have:

• An admin, that can be changed
  • The AdEx multisig will be the admin
  • The admin can cancel recoveries
• A boolean mapping of addresses that can propose recovery; the admin can change those w/o delay
  • For example, the relayer can propose recoveries
• A mapping of proposed recoveries (by hash) to the time the recovery becomes possible
• A delay time that can be changed by the admin, but no lower than a set minimum
• A function that allows each recovery request to be cancelled immediately by the account that is being recovered

Security implications: the only procedure that needs to have a timelock is the recovery itself. The goal of this is to allow the admin to save accounts if a proposer key (eg the relayer) is compromised.

The procedure would be the following:

• User requests account recovery
• They receive a magic link on their email that they can use to recover their account: on this link, they can either change their passphrase (which results in re-creating the quick account) or set a MetaMask address
  • initially we can implement only the passphrase change
• Once the request is submitted, the relayer triggers a transaction to AdExRecoveryDAO that proposes the recovery and sends an email to the user that their recovery was successfully requested and they need to wait
• Once the proposal has matured, the relayer triggers a transaction to AdExRecoveryDAO to finalize the recovery - once the tx is mined, an email will be sent to the user that their recoveyr was successful; this can be checked via cron

Migrating current accounts: to allow current accounts to enable the new recovery mechanism, prompt them with a modal that would issue a TX that would call setPrivilege twice to add the new recovery mechanism and remove the old one.

Describe alternatives you've considered Replaces https://github.com/AdExNetwork/adex-protocol-eth/issues/35, https://github.com/AdExNetwork/organization/issues/78, https://github.com/AdExNetwork/organization/issues/104, https://github.com/AdExNetwork/adex-protocol-eth/issues/87 and https://github.com/AdExNetwork/aips/issues/21

Later additions

• The Platform should request logs from the AdExRecoveryDAO contract, and if it identifies a pending recovery request for the current account, it should show a large warning banner and a button that allows the user to cancel it. Logic here is, if the relayer is compromised and it requests recovery of accounts, the user can cancel it
• The account page should have "Remove recovery service" button, with a modal explaining you that you're taking full responsibility and whether you agree or not, and an explainer that explains what the recovery service is.
• We should write a blog post explaining how passphrase recovery works in AdEx, "how AdEx protects your account" or something similar

Additional context

• @IvoPaunov will implement the UI and the relayer changes
• @samparsky will implement the SC

[Ivshti]

not relevant anymore, totally new system in the wallet (QuickAccounts)