Details can be found in this overview presentation.

Screencast is here

Problem: Key Management

  • Private keys are too cryptic too remember
  • Mnemonics are too hard to remember
  • Social recovery is not really a solution
    • Either you are not sure about who to trust
    • Do you really want to put the burden on friends/family?
  • Time lock is cool but not a recovery solution by itself
  • If just a single character is wrong, the private key is wrong and recovery is not possible.
  • Current key recovery solutions are either way less secure or less convenient


What it does & how does it work?

Prerequisite: You need a smart contract wallet (Gnosis Safe)

  • Select 5 locations of your choice.
  • Geo-data is hashed to derive the private key to recovery account
    • FOAM is used as decentralized geo-data provider
  • Smart contract module is attached to your Gnosis Safe
  • You can recover by entering the 5 Locations to get the private key for recovery account
  • Sign recovery and new Safe owners using recovery account

How we built it

  • We wrote a module for the Gnosis Safe smart contract in Solidity.
  • There are 2 use cases: (1) Set up mapcovery and (2) perform mapcovery to recover your wallet.
  • We wrote a webapp and an Android app to allow users to set up mapcovery and to actually recover as well.
  • We made minor changes to the Safe Android app to allow the setup of the recovery module.

Challenges we ran into

  • Where would we get reliable geo-location data from?
  • What is a good number of locations to reach sufficient security?
  • How can we prevent front running?
  • How can we make sure to not leak the 5 locations when performing recovery?

Accomplishments that we're proud of

  • Finding another possible recovery method for smart contract wallets.
  • Finding a method that is relatively easy to remember but still provides enough security.
  • Solving for front-running through elegant smart-contract design.

What we learned

  • How FOAM really works incl. their APIs and why it is needed.
  • What ways of storing location data exist out there incl. their advantages and disadvantages.
  • How modules work with the Gnosis Safe
  • How to design and build prototypes with Adobe XD.
  • How hacking is enhanced when techno music is blasting through Factory the entire day.

How to try it out

  • Download the Gnosis Safe version we adjusted (running on Rinkeby)
  • Create a Safe
  • Download Mapcovery
  • Follow the steps in the Mapcovery app:
    • Connect to the Safe for which you want to setup the recovery via WalletConnect
    • Select 5 locations
    • Press "next"
    • Select "Setup recovery for Safe"
    • Follow the steps in the Gnosis Safe app to finish setup
  • Reset the Gnosis Safe app (or remove the created Safe)
  • Use the Mapcovery app or our web app to trigger the recovery
    • (App only) Connect to a wallet to interact with the recovery module
    • Select 5 locations
    • Follow the instructions
    • The new recovery phrase that is displayed can be used to recover the Safe

What's next for Mapcovery

  • Allow users to configure more parameters:
    • Number of locations
    • Time-lock period
  • Add bonds required to trigger mapcovery
  • Allow recovery cancellations.
  • Allow Gnosis Safe users on iOS and Android to set up mapcovery, if they would like to do so.
  • Security audit of the contract code.
  • Add more locations to FOAM in order to increase security and make brute-force attacks harder.
  • Wait for FOAM's "Presence Claims" and integrate them. They are ways to check that someone is actually present at a location. If enabled for Mapcovery, this would increase security even more by requiring physical presence at the recovery locations. This would decrease convenience but attacks get harder by multiple orders of magnitude.
  • Broaden use cases for Mapcovery (Other smart contract wallets, potentially even traditional EOA wallets, etc.)

Built With

Share this project: