lsp-social-recovery
v1.3.0
Published
Utility for managing and recovering accounts on LUKSO and other evm chains
Downloads
14
Readme
lsp-social-recovery-js
Account ownership recovery sdk built on top Universal Profiles and on Lukso Testnet
Live example: Youtube:
Team Members
- Github Profile: Naftali Murgor
- email: [email protected]
- Github Profile: Collins Hue
Getting started
Installation
yarn add lsp-social-recovery
or if using npm
npm install --save lsp-social-recovery
Install web3 too if not yet already.
Getting Started
This sdk builds on the Lukso Testnet and uses Universal Profiles Browser extension Universal Profiles Browser Extension please extension is installed to continue.
1. Initializing the sdk
To use the SDK:
import SocialRecover from 'lsp-social-recovery'
const providerUrl = 'https://rpc.l16.lukso.network'
const provider = new HDWalletProvider({
privateKeys: [process.env.PRIVATE_KEY],
providerOrUrl: providerUrl,
pollingInterval: 18000,
shareNonce: false
})
const options = {
provider: provider,
account: '0x508234eA0600b837CD70332ab342f9BB3B4fF900'
}
const accounts = await window.ethereum.request({ method: 'eth_requestAccounts' })
// or
const options = {
provider: window.ethereum
account: accounts[0]
}
const socialRecovery = new SocialRecovery(options)
2. Deploy SocialRecovery & BasicRecovery Contracts
const main = async () => {
const superGuardians = []
try {
await socialRecovery.deploy()
// set secret phrase
socialRecovery.setSecretPhrase('a secret phrase')
// save privateKey
socialRecovery.setPrivateKey(privateKey)
// add super guardians
socialRecovery.addSuperGuardians(superGuardians)
} catch(err) {
console.err(err)
}
}
3. Recover account ownership( Signature verification)
a. Signature submission and verification
First strategy in recovering account ownership after initialization is to let added superGuardians
sign messages and submit the message to be stored in the contract:
const messageHash = web3.utils.sha3(message)
const signature = web3.eth.accounts.sign(messageHash)
await socialRecovery.addGuardianSignature(superGuardian: Address, signature: string)
Note: All guardians must submit a signed message to be used to recover the account in future.
b. Verifying signature To recover the account, all superGuardians must verify their signatures individually:
// guardian1
await socialRecovery.verifySignature(messageHash, signature)
// guardian2
await socialRecovery.verifySignature(messageHash, signature)
// guardian3
await socialRecovery.verifySignature(messageHash, signature)
// all after signature verifications, recover account privateKey
await socialRecovery.recoverPrivateKey(secretPhrase)
All signature verification request must be initiated by the individual
superGuardian
Universal Profiles
4. Vote-based account recovery
Another strategy is using vote-based method to recover universal account ownership based on LSP11BasicSocialRecovery
await socialRecovery.setScret('a secret')
await socialRecovery.addGuardian(guardianAddress)
await socialRecovery.voteToRecover(recoverProcessId)
// after guardian voting:
await socialRecover.recoverOwnership()
Development
Setup
Clone this repo:
git clone https://github.com/naftalimurgor/social-recovery-js
Install dependencies:
cd social_recovery/
yarn install
Build
To build
yarn build
Test
To run the tests
yarn test
Contributing
Contributions welcome! Feel free to create a new issue or submit a Pull Request.