Identity: recovery DAO for Quick accounts

[Ivshti]

The idea is to allow users with quick (limited) accounts to recover their account

The process will work as follows:

• when the user makes a quick account, we create two wallets: wallet A and wallet B; we create an identity that can be controlled by wallet A and the recovery contract (both having full permissions); we sign a message, using wallet A, that will later allow the recovery contract to call into the identity and add wallet B, and sends that message to AdEx (either the market or the relayer); they receive the seed to wallet B on email, directly from the browser
• if the user loses wallet A, they will send a request to the AdEx market/relayer, which will check the activity of the account and if it's really inactive, send the signed message to the recovery contract
• the recovery contract verifies the message and calls into the identity, adding wallet B
• user can now use wallet B and withdraw their funds

looking for ways to make this simpler

this requires two potential changes to the identity contract:

• accept execute() w/o a message, but directly through msg.sender, allowing smart contracts to call into the identity
• have a lastInteractedWith public timestamp

[Ivshti]

simpler option 1:

• when the user makes a quick account, we create wallets A,B and we deploy the identity with wallet A only; but we sign a TX from wallet A to authorize wallet B and send it to the relayer/market; we send the seed to wallet B to the users email, from the browser
• if the user loses wallet A, they can ask the relayer/market to authorize wallet B; the relayer/market will now check for inactivity (or maybe another factor?)
• the user can now withdraw by using wallet B

the security model here is based on having a backup in your email, but not allowing that backup to be immediately usable in case someone compromises your email

the onboarding process will just have to ask: "Quick account" or "Full account"

quick accounts: limited to 100 DAI, require an email full accounts: requires metamask/trezor/ledger, unlimited

[Ivshti]

we can also use shorter seeds (6-8 words) considering that (1) the email can be used as part of the seed and (2) the accounts would be limited to holding 100-200 DAI

[Ivshti]

this is problematic: there's no secure way to send a key over email; closing this for now, and another option will be figured out