Mnemonic phrase free - Social recovery crypto wallets
Integrating blockchain technology into our daily lives brings significant challenges and risks, especially when storing private keys, mnemonic phrases, and seed phrases. Recent unfortunate incidents such as the FTX exchange collapse and Mt. Gox hacking underline the dangers of entrusting your keys to centralized services. In these times, it is critical to steer clear of storing assets on centralized exchanges.
While hardware cold wallets like Ledger and Trezor have been considered secure non-custodial asset management solutions, recent events have highlighted their potential vulnerabilities. Even these devices are not immune to threats, as manufacturers can access private keys upon request, and there have been confirmed cases of hacking. These incidents remind us that security in digital assets is paramount.
So, where can you securely store your digital assets, drastically reducing the risk of hacking, while also minimizing the potential for forgetting your key phrase?
This is the second article in our research series. You can read the first article for more information.
Exploring Social Recovery Wallets: The Argent Example
Regarding cryptocurrency wallets, social recovery is an emerging concept that solves the issue of lost or compromised keys. Argent, a popular platform, is a good example of a social recovery wallet. Let's examine it more closely.
At its core, Argent leverages a multi-signature wallet approach, which traditionally requires the signatures of multiple participants to authorize transactions. However, Argent introduces a groundbreaking concept: social restoration through guarantors. This means that transactions can be initiated without needing multiple signatures, revolutionizing the user experience.
It's essential to address a potential vulnerability in this approach. After gaining access, malicious actors could add new guarantors or remove existing ones. To mitigate this risk, Argent and other wallets introduce delays for such operations. In the case of Argent, a delay period of 3 days is implemented, allowing users to detect unauthorized changes.
Another crucial aspect to consider is the gas consumption associated with these operations, as they are executed on the underlying blockchain network via smart contracts. In order to ensure affordable usage for everyday users, there is a compelling need for many to transition to Layer 2 blockchains, which offer cost-effective alternatives.
Determining the nature of guarantors is a critical consideration. They can be trusted individuals such as friends with crypto wallets, family members, or even centralized services. However, this choice inevitably raises questions of trust, requiring users to evaluate and select their guarantors carefully.
If users opt to utilize alternative wallets for social recovery purposes, it becomes imperative to implement robust security measures for accessing and managing these wallets. Safeguarding the integrity of the recovery process is paramount to ensuring the overall security of digital assets.
Layer 2
Solving the gas problem is not only about GAS
More than a few users find it hard to justify transferring a mere $100 with enthusiasm when faced with commissions as high as 20% or even 40%. These exorbitant fees have been a thorny issue for users of smart contract wallets on Layer 1 (L1) networks. However, there is a glimmer of hope in the form of Layer 2 solutions, which remedy the problem of high commissions.
It is crucial to highlight the acute nature of smart contract security concerns. A bug was discovered in Argent X, underscoring the importance of robust security measures. This incident serves as a reminder that even well-established platforms must remain vigilant in their pursuit of bulletproof smart contract implementations. We can mitigate risks and foster a safer environment for users to interact with decentralized applications.
However, it is important to note that all the core smart contracts of Argent are public and accessible on their GitHub repository. These contracts are regularly updated, indicating the team's active commitment to ongoing development and improvement.
The key features promoted by Argent include:
- Multisig: Multiple signatures from participants
- Social recovery
- Excellent signature scheme and elliptic curve from Ethereum
Argent justifies the development of Layer 2 as a necessity for creating Account Abstraction (AA). This approach allows them to move away from smart contract wallets, which are considered temporary solutions for implementing AA functionality on Ethereum-based networks.
On StarkNet and zkSync, an account abstraction (AA) will be launched, introducing a new level of abstraction for accounts. The team highlights the vulnerabilities of smart contract wallets, as their underlying foundation relies on regular wallets with smart contracts and authenticity verification based on Secp256k1, which is susceptible to quantum computing algorithms, according to their claims.
Furthermore, the entire Ethereum ecosystem is built around Externally Owned Accounts (EOA). While supporting smart contract wallets does not require significant changes, it still necessitates modifications, leading to limited adoption by many participants.
Summary
In summarizing, the discussion surrounding smart contract wallets and social recovery wallets primarily focuses on individual use cases. However, when the focus shifts to using these wallets for asset management within companies, especially when there is a need to mitigate the BUS factor while maintaining high-level security, it takes more work to find better solutions than smart contract wallets like Safe (ex Gnosis).
References
- Description of social restoration by Vitalik Buterin
- Learn more about the Recovery Mechanism (P.S. restoring a wallet on ETH costs more than $100.)
- Discussion on AA in ETH
- EIP-3074 vs. ERC-4337
- A book on Post-Quantum Cryptography
- Post-Quantum Cryptography Community
- Interesting developments related to AA for Ethereum
- EIP-2938 Account Abstraction enables smart contracts to act as top-level accounts
- EIP-3074: AUTH and AUTHCALL opcodes allow users to delegate control over their EOA to a smart contract. A step towards making EOA functionally equal to a wallet on smart contracts. This does not fix the key problems of EOA but expands its functionality
- ERC/EIP-4337: Account Abstraction Using Alt Mempool It should simplify writing and solve many problems of wallets on smart circuits, but it does not change the essence of EOA
P.S.
Argent has introduced a new wallet recover — off-chain without wasting gas, but it is a new attack vector in pursuit of gas savings. They have implemented a feature that involves encrypting a user's private keys and storing them in the cloud, with the encryption key being held by Argent. Unfortunately, this approach poses a significant risk as the encryption key can be obtained through email and phone number access.
This means that the wallet can be fully compromised if an attacker gains control of the user's email and phone. To mitigate this vulnerability, Argent has introduced a 48-hour delay between initiating a restoration request and the actual restoration process. This delay aims to provide an additional layer of security and time for the user to react in case of unauthorized access.