Comment on page

Recover users wallets

How to recover a wallet using recovery

What is a Recovery

Users of Cometh Connect will generate and use a safe as their wallet, with exclusive ownership and access to the funds it contains. Nonetheless, in the event of a lost key (such as misplacing their device or any other unforeseen circumstance), we aim to facilitate users' recovery of wallet access without compromising their security or self-custody. To achieve this, we have implemented a default feature in any safe deployed to allow a guardian to initiate a recovery request. Upon the completion of a recovery request, the ownership structure of the safe will be modified.


Before initiating a social recovery request, the following conditions are assumed to be met:
  • The user possesses a safe created using the connect-api.
  • This safe has the social recovery module activated with one guardian, a process automatically executed during safe creation when utilizing the connect-api (this is the default configuration).
  • This guardian is the default guardian managed by Cometh (a Safe 2/3 signatures).

Recovery flow

A recovery request consists of three primary phases:
  1. 1.
    Submitting the recovery request: This initial step involves creating the recovery request and obtaining the first owner's signature from the guardian.
  2. 2.
    Confirming the recovery request: In this stage, the request is verified by Cometh, the second signature is added to the request, and the transaction is published on the blockchain. This action initiates the 24-hour recovery period.
  3. 3.
    Finalizing the recovery request: Once the recovery period elapses, the request can be processed. This action effectively modifies the ownership structure of the user's safe.

1. Submit the recovery request

If a user loses access to their safe, they can initiate a recovery request. This process is similar to a "Forgot password" feature, requiring the user to specify the new addresses they wish to designate as the new owners of their safe. From a technical standpoint, this is done by calling Cometh Connect API :
Start a recovery.
It's important to note that, despite the fact that this request is signed by the first owner of the Cometh's guardian, no on-chain transaction has occurred and the recovery period has not yet begun.

2. Confirm the recovery request

At a later stage, the initialized request will undergo a verification process before obtaining the second signature. If the request is validated as correct, the request will be signed and published on the blockchain.
Once the transaction is confirmed, this action initiates the beginning of the recovery period.

3. Finalize the recovery request

Once the recovery period is over without the owner of the safe canceling the recovery, the request can be finalized. This step does not require any signature and can be executed by any party. Either Cometh, the project or the user can finalize the request.
An easy way to finalize the recovery request is by calling Cometh Connect API:
Finalize a recovery.
Calling finalize before the end of the recovery period (24 hours) will return an error {"error":"Recovery period not complete"}
This action will do an on-chain transaction finalizing the change.
In this example transaction, you can see in the logs that the previous owners of the safe have been removed (RemovedOwner) and the new ones added (AddedOwner):
Last modified 1mo ago