Safe Recovery Service
A UX and a security service for Safe Account Recovery, streamlining the recovery process for account owners and their designated recovery contacts.
Who is this for
Wallets applications integrating Candide's Social Recovery Module, and want to offer a seamless and secure recovery experience for their end-users.
Recovery UX API
Automatic Execution
The service offers automatic execuction options to minimize UX friction and increase privacy for recovery contacts / guardians. It can be configured to automatically execute:
- The confirmation recovery transaction after the signature threshold is met, eliminating the need for guardians to cover gas costs.
- The finalization transaction after the grace period ends, avoding recovery contacts to return back to complete the process.
Signature Aggregation and Storage
Guardians signatures can be sent to the service to allow off-chain collection. The service can then automatically execute the recovery confirmation and finalization once all required signatures have been collected.
Gas Sponsorship Relayer
It includes a gas sponsorship relayer, which cover the gas costs for both confirmation and finilization
Social Engineering protection
The api provides a communication system using emojis that enables guardians to verify and approve legitimate recovery requests, effectively preventing social phishing attempts by malicious actors who may try to manipulate the recovery process.
Email/SMS Recovery API
A secure and user-friendly solution that uses email and phone verification to facilitate account recovery. Can be used as a default recovery method or combined with other guardians (such as hardware wallets or trusted contacts) to create a customized recovery threshold. Features:
Email Recovery
Supports both SMTP or OAuth2 based protocols. To verify user ownership of the email, a confirmation code is sent to the user's email, which they must enter to enable the guardian service.
SMS Recovery
Supports SMS OTP. To verify user ownership of the phone number, a confirmation code is sent to the user, which they must enter to enable the guardian service.
Multi-factor authentication
Supports MFA with different channels such as a combination of email and sms.
Alerts and Notifications
Account owners can subscribe to receive notifications via email or SMS when a recovery request is initiated, whether onchain or through the service, ensuring they stay informed during a recovery process. The service keeps track of transactions sent via the Safe Recovery Module and uses events and tracing to index transactions to send timely alerts.