← Back to Glossary

Social Recovery

A wallet recovery mechanism where designated guardians can collectively authorize ownership changes if the primary key is lost or compromised.

Social recovery is a key management strategy for smart contract wallets that eliminates the single point of failure inherent in traditional private key custody by distributing recovery authority across a set of trusted parties called guardians.

How Social Recovery Works

The wallet owner designates a set of guardians — trusted individuals, institutions, or hardware devices — and defines a threshold (e.g., 3 of 5) required to authorize a recovery action. If the owner loses their primary key, they contact their guardians who collectively sign a recovery transaction that transfers ownership to a new key. The guardians have no access to the wallet during normal operation; their authority is limited to the recovery function.

Implementation Patterns

Social recovery is typically implemented as a module in account abstraction wallets. The recovery module maintains a guardian registry, enforces threshold signatures, and applies a time-lock before ownership changes take effect. The time-lock gives the legitimate owner a window to cancel unauthorized recovery attempts.

Security Considerations

Social recovery introduces several nuanced attack vectors. Guardian collusion is the obvious risk — if enough guardians cooperate maliciously, they can take over the wallet. This is mitigated by choosing diverse, independent guardians and setting appropriate thresholds.

Griefing attacks are more subtle and frequently overlooked. If any single guardian can initiate a recovery attempt (even if they cannot complete it alone), they can repeatedly trigger the initiation, resetting the recovery timer and preventing legitimate recovery from completing. This denial-of-service vector can permanently lock a user out of their wallet at the cost of gas.

Guardian availability is the inverse problem — if guardians lose their keys, change contact information, or become unresponsive, the recovery mechanism fails when needed most. Protocols must balance the threshold between security (requiring more guardians) and availability (requiring fewer guardians).

Articles Using This Term

Learn more about Social Recovery in these articles:

ERC-4337 Smart Accounts: Six Failure Modes We're Already Seeing in Audits

ERC-4337 Smart Accounts: Six Failure Modes We're Already Seeing in Audits

ERC-4337 account abstraction introduces programmable trust boundaries that break assumptions baked into decades of wallet security thinking. Here's where teams get it wrong.

Mar 12, 202613 min read

Related Terms

Account Abstraction

A design pattern that replaces fixed EOA logic with programmable smart contract accounts, enabling custom validation, recovery, and gas payment mechanisms.

Need expert guidance on Social Recovery?

Our team at Zealynx has deep expertise in blockchain security and DeFi protocols. Whether you need an audit or consultation, we're here to help.

Get a Quote

oog
zealynx

Smart Contract Security Digest

Monthly exploit breakdowns, audit checklists, and DeFi security research — straight to your inbox

REQUEST AN AUDIT

Quick Links

Services

Company

Resources

© 2026 Zealynx