You're the owner of a smart contract but you lost the key. You're screwed…. or are you? Anti Social Recovery is a design pattern that enables users to recover ownership of their smart contract after losing their signing keys.
What if contracts were owned by humans instead of addresses? Anti Social Recovery allows users to deploy smart contracts for which the ownership is tied to their unique proof of personhood (e.g., World ID). After verifying with World ID, users can deploy a contract as the owner, then take over ownership from a different EOA.
This design pattern can scale to many different use cases. While we started with a simple ownable contract, the same principles can apply to any smart contract role (minter, pauser, burner, ...). Additionally, World ID can be exchanged with a different proof of personhood provider. We have also thought through how this can apply to an ERC20, allowing users to claim their balance from a new address!
Actions currently supported:
We made the following changes to the Open Zeppelin Ownable contract:
The constructor takes a World ID proof as input, verifies it, and saves the nullifier hash. The nullifier hash is a unique identifier of a proof of a specific action, on a specific app, from a specific World ID holder.
We added a function claimOwnership that can be called by anyone to change the owner of the smart contract to themself. It takes a World ID proof as input, verifies it, and transfers ownership to the sender if and only if the nullifier hash matches the one stored. This works because only the World ID user that deployed the contract can generate a valid proof with the same nullifier hash.
We used ThirdWeb for user login and contract interactions. We verify proofs on-chain via WorldCoin's deployed verifier on Polygon Mumbai.
Tech used