
I am working on a social recovery module with a gnosis-safe wallet. For social recovery to work effectively, the user needs to choose another EOA account if the user's previous key is compromised. But I used the safe auth kit to log in to my dapp, which returns the same EOA address for the same social login.

I want to know: how to generate different EOA accounts with the same social login when a user wants to recover their safe wallet?

So basically, when users start to recover their wallet they need to generate a new EOA account with the same social login, and after successful recovery, when the user tries to log in with the same social account, this newly created account needs to be used. How can I achieve this using safe-auth-kit?

  • From the auth-kit docs:

    Once the instance is created, you can call the signIn() method to start the authentication process showing the web3Auth modal. While you sign in with the same email or social account, the same Ethereum address will be returned.

    Reference: https://docs.safe.global/learn/safe-core/safe-core-account-abstraction-sdk/auth-kit

    – balajipachai Mar 27 '23 at 17:04

1 Answer


Usually, when a private key is compromised, it is recommended to abandon the whole authentication system instead of creating a new address from it.

Back to your question:

How to generate different EOA accounts with the same social login when a user wants to recover their safe wallet?

The short answer is no, it is not possible.

Based on the discussion here, Web3Auth can only generate one private key with one account. The workaround they provided is to use the private key as a seed phrase to generate other accounts. But this approach is very risky in your case since the initial private key is already compromised.

Edit: Another approach is to use a derived private key from the start. The private key generated by safe-auth-kit is only used as a "seed". Seems cumbersome.