At the moment, most crypto users rely on two types of wallets outside of centralised exchanges. Software wallets like Metamask are convenient but aren’t recommended for large accounts due to its private key being stored on a network connected device. For larger accounts, the current advice is for users to store their assets on an air gapped hardware wallet like a Ledger nano. However, this introduces a trade-off between convenience and security. So the first problem is finding a solution that can be both secure and convenient to use.

Second, whether we choose to use Metamask or a Ledger nano, we still face the very real problem of loosing out private keys and all the assets that are tied with it. For crypto to be widely adopted, we need an easy solution for asset recovery in the chance our keys get lost or stolen. Even if the risk is small, the consequences of losing your life savings makes this an important problem to solve.

These two problems could be handled if we introduced a centralised service. But this would defeat the purpose of what we’re trying to achieve with crypto in the first place. Having to maintain decentralisation makes this problem slightly more challenging to solve (although not impossible).

A good wallet experience would therefore need to be both secure and convenient to use. It should have a mechanism for recovering our assets in a worse case scenario. And on top of that, we need to do it in a way that is still non-custodial with minimal reliance on a centralised authority.

Using smart contracts as wallets

The idea behind this concept is to use a smart contract to store our assets and execute transactions on the blockchain. In this way we can enable multiple keys to have varying degrees of access control over our assets. This then becomes the basis for features that would otherwise not be possible with just a private key on its own.

Recovering lost assets

Account recovery is the first big feature a smart contract wallet could enable in cases of a lost or stolen private key. This can be done through assigning several “guardians” to your wallet. A guardian could be a family member, friend, institution, or even another smart contract. Individually they won’t have any control over your assets, but if you lose your private key then they could collectively appoint a new key to replace it and give you back full control of your account.

This does however pose a possibility of guardians colluding with each other to steal your account. To mitigate this risk, your guardians should be people or entities that you’ve chosen to trust to a certain extent. Second, these appointed guardians don’t necessarily have to be publicly known or even know each other. And third, you’ll still need a 50% majority of appointed guardians to approve an ownership transfer.

Let’s say you had four guardians and one of them chose to try and steal your account. First they’d have to figure out who your other three guardians were. If they managed to do this without you noticing then they’ll still have to convince one of them to turn against you. Since these are people you have a level of trust with, it should be quite hard for the bad actor to achieve this without you noticing and removing them as an appointed guardian.

Mitigating theft

The recovery mechanics alone won’t do much to stop an attacker from draining the account if they somehow managed to steal your private key. However a smart contract wallet could at least give us features to limit the loss until we’re able to initiate an ownership transfer with our guardians. One example would be using vaults with a time lock for withdrawals. This means that an attacker would have to wait a certain amount of time if they wanted to drain an account. During this period, our guardians could help cancel the transaction and transfer ownership back to us.

The next step for key management

Smart contract wallets are arguably the optimal solution to key management that we have so far. Through leveraging our various social circles and trusted entities, we can effectively mitigate the devastating effects of a lost or stolen crypto wallet. The above examples in asset recovery and theft mitigation are by no means an exhaustive list of features. They just show us the possibility of using a decentralised solution to build a secure alternative to storing large amounts of value. Since this is also a software solution, it can be built in a way that’s just as convenient as other private key wallets like Metamask.

Building a secure smart contract wallet is non-trivial, but there is at least some recognition for the benefits of social recovery and an EIP currently being debated by core developers to make this easier. At the moment, Argent is the most notable team tackling this problem. But with new scaling solutions providing cheaper transactions, this may be another space for multiple developers to help onboard the next wave of crypto and DeFi users.