Developing a Wallet with Social Recovery and ERC-4337

We design and develop full-cycle blockchain solutions: from smart contract architecture to launching DeFi protocols, NFT marketplaces and crypto exchanges. Security audits, tokenomics, integration with existing infrastructure.
Showing 1 of 1All 1305 services
Developing a Wallet with Social Recovery and ERC-4337
Complex
~1-2 weeks
Frequently Asked Questions

Blockchain Development Services

Blockchain Development Stages

Latest works

  • image_website-b2b-advance_0.webp
    B2B ADVANCE company website development
    1349
  • image_web-applications_feedme_466_0.webp
    Development of a web application for FEEDME
    1247
  • image_websites_belfingroup_462_0.webp
    Website development for BELFINGROUP
    949
  • image_ecommerce_furnoro_435_0.webp
    Development of an online store for the company FURNORO
    1183
  • image_logo-advance_0.webp
    B2B Advance company logo design
    642
  • image_crm_enviok_479_0.webp
    Development of a web application for Enviok
    921

We deal with lost seed phrases every day: a client wrote down 12 words on a piece of paper, put it in a desk drawer, and forgot. According to Chainalysis, 20–25% of all bitcoins are irretrievably lost this way. Our engineers develop wallets with social recovery—a mechanism that saves assets when a key is lost. Order such a turnkey implementation: we design the contract, configure guardians, and conduct an audit. On average, a project takes from 4 to 12 weeks depending on complexity.

Social recovery is an idea by Vitalik Buterin, implemented in Argent and Loopring, and now natively available through Account Abstraction (ERC-4337). The wallet is a smart contract with two modes: an owner key for everyday transactions and a guardian set for recovery.

How social recovery works at the contract level

Guardian set and threshold recovery

Guardians are addresses that can collectively change the owner key. The owner appoints N guardians and a threshold (typically 3-of-5). Guardians do not touch assets—they only call initiateRecovery and finalizeRecovery. This is a key difference: a compromised guardian cannot steal funds, only initiate a key change.

contract SocialRecoveryWallet {
    address public owner;
    mapping(address => bool) public isGuardian;
    uint256 public guardianCount;
    uint256 public threshold;
    uint256 public recoveryDelay; // timelock in seconds

    struct RecoveryRequest {
        address proposedOwner;
        uint256 approvalCount;
        uint256 initiatedAt;
        mapping(address => bool) approvals;
    }

    RecoveryRequest public pendingRecovery;

    function initiateRecovery(address _proposedOwner) external onlyGuardian {
        require(pendingRecovery.initiatedAt == 0, "Recovery already pending");
        pendingRecovery.proposedOwner = _proposedOwner;
        pendingRecovery.initiatedAt = block.timestamp;
        pendingRecovery.approvalCount = 1;
        pendingRecovery.approvals[msg.sender] = true;
    }

    function approveRecovery() external onlyGuardian {
        require(pendingRecovery.initiatedAt != 0, "No pending recovery");
        require(!pendingRecovery.approvals[msg.sender], "Already approved");
        pendingRecovery.approvals[msg.sender] = true;
        pendingRecovery.approvalCount++;
    }

    function finalizeRecovery() external {
        require(pendingRecovery.approvalCount >= threshold, "Insufficient approvals");
        require(
            block.timestamp >= pendingRecovery.initiatedAt + recoveryDelay,
            "Timelock not expired"
        );
        owner = pendingRecovery.proposedOwner;
        delete pendingRecovery;
    }
}

Why timelock is critical

recoveryDelay is a mandatory parameter. Without it: threshold compromised → instant loss of control. With timelock (Argent uses 24–48 hours, for institutional 72+ hours) the owner has a window to cancel. In practice, this reduces the risk of asset loss by 3 times compared to instant recovery.

Guardian management with delay

Adding and removing guardians also uses a timelock—otherwise the owner could replace all guardians before selling. We use the pendingGuardianAdd pattern:

mapping(address => uint256) public pendingGuardianAdditions;
uint256 public guardianAddDelay;

function scheduleAddGuardian(address _guardian) external onlyOwner {
    pendingGuardianAdditions[_guardian] = block.timestamp + guardianAddDelay;
}

function confirmAddGuardian(address _guardian) external {
    require(pendingGuardianAdditions[_guardian] != 0, "Not scheduled");
    require(block.timestamp >= pendingGuardianAdditions[_guardian], "Timelock active");
    isGuardian[_guardian] = true;
    guardianCount++;
    delete pendingGuardianAdditions[_guardian];
}

How to choose guardians?

Choosing guardians is a socio-architectural task. Options:

  • Trusted persons: 3 close people, each holds a guardian key in their wallet. Simplest scheme.
  • Hardware wallet + phone + guardian service: a backup Ledger + phone + a service (Argent or custom). If two out of three are lost, recovery.
  • Multisig as guardian: Safe{Wallet} as guardian. Recovery requires a quorum in Safe. Suitable for corporations.
  • Smart contract guardian: a timelock contract of the organization, recovery via governance voting.
Guardian type Convenience Decentralization Suitable for
Trusted persons (3-of-5) High High Retail users
Hardware + mobile + service Medium Medium Power users
Corporate multisig Low High Corporate
DAO governance Very low Maximum Protocol-owned

ERC-4337 and social recovery: gasless recovery

Account Abstraction (ERC-4337) makes social recovery a native pattern. The wallet is already a smart contract, no need to convert EOA. UserOperation enables:

  • Gasless recovery: Paymaster covers gas for guardians and the user.
  • Batched approvals: multiple guardians in one bundled batch.
  • Social login as guardian: key stored in passkey/WebAuthn on phone.

Implementation via Kernel (ZeroDev) or Biconomy Smart Account v2: both have a plugin system where social recovery is a module.

ERC-4337 recovery flow

// Guardian signs UserOperation for approveRecovery
const userOp = await guardianSmartAccount.buildUserOperation({
    target: walletAddress,
    data: wallet.interface.encodeFunctionData('approveRecovery', [])
});

// Paymaster sponsors gas
const sponsoredOp = await paymasterClient.sponsorUserOperation(userOp);
await bundlerClient.sendUserOperation(sponsoredOp);

This changes UX: the guardian does not need ETH for gas, they just sign an approval on the phone.

Attack protection

Griefing via spam recovery

Any guardian can initiate recovery and block the wallet. Solution: recovery does not block owner transactions, or it can be initiated only by several guardians collectively.

Social engineering

An attacker convinces guardians that the user lost the key. Protection: timelock + notifications (email/push/telegram bot) + out-of-band verification.

Front-running finalizeRecovery

An attacker sees finalizeRecovery in the mempool and replaces the address. Protection: commit-reveal or private mempool.

Off-chain guardian coordination

Guardians need coordination without on-chain gas. Options:

  • Centralized guardian service (Argent) – convenient but central point.
  • IPFS + signature aggregation – guardians publish signatures on IPFS, aggregator sends batchApprove.
  • E2E encrypted messaging – via Signal/Matrix, low-tech, maximum independence.

Our hybrid: a notification server notifies guardians, they approve via dApp, and an aggregator batches.

What is included in development

We provide a complete package: architecture documentation, smart contract source code (Solidity), frontend (wagmi+viem), Foundry configurations, deployment instructions, a training webinar for the team, and one month of support after launch. We will evaluate your project for free—contact us.

Work process

  1. Analysis (3-5 days). Target audience, guardian choice, need for AA, gasless, multichain.
  2. Contract design (3-5 days). Guardian management, timelock parameters, recovery flow, ERC-4337 integration.
  3. Development (4-8 weeks). Core contract → guardian management → recovery flow → frontend → guardian coordination UI.
  4. Audit. Mandatory: the contract manages funds. We check reentrancy, timelock, griefing vectors.
  5. Testing. Fork tests on mainnet, full recovery flow simulation.
Stage Duration (days) Result
Analysis 3-5 Technical specification
Design 3-5 Contract architecture
Development 28-56 Source code, frontend
Audit 7-14 Audit report
Testing 5-7 Fork tests

Stack and tools

Solidity 0.8.x + OpenZeppelin, Foundry, ERC-4337 SDK, wagmi + viem, WalletConnect v2. We use Tenderly for monitoring.

Timeline and cost

A basic wallet without AA: 3-5 weeks. With ERC-4337, gasless recovery, and guardian UI: 8-12 weeks. Cost is calculated individually—contact us for an estimate.

We have completed 20+ projects in the field of Social Recovery over 5 years of work. Our engineers are authors of articles on ERC-4337 and contributors to open-source solutions.

We develop crypto wallets turnkey — from custodial solutions for fintech to smart contract accounts on EIP-4337. 5+ years in blockchain development, 40+ projects implemented. Let's examine which architecture to choose for your task and why MPC or Account Abstraction solve the private key problem that MetaMask and classic HD wallets could not close.

Why are classic wallets dangerous for business?

A seed phrase in a browser extension is the only way to restore access. For retail users, this is a barrier to entry (lost phrase = lost money). For corporate treasuries, it is incompatible with compliance (KYC/AML, role model, multisignature). Any single key leak compromises all funds. These risks are built into the architecture, not poor UX.

We eliminate them at the protocol level: MPC wallets (key never fully assembled), smart contract wallets (authorization logic in code), hardware HSM for institutional storage. Details below.

What is the real difference between custodial and non-custodial?

Custodial — the provider stores the private key. User authenticates via email/password/OAuth. Recovery is trivial, KYC/AML built-in. For centralized financial applications, often the only regulatory acceptable option. Risk: single point of failure (e.g., Bitfinex hack — $72M, FTX — $600M+ client funds).

Non-custodial — keys are with the user. Provider has no access to funds. Storage responsibility falls on the user. For 99% of people, this model is unworkable without additional protection — hence MPC.

MPC wallets: the key that doesn't exist

Multi-Party Computation (MPC) is a cryptographic protocol that allows multiple parties to jointly sign a transaction without revealing their partial secrets. The private key never exists in its assembled form.

Standard scheme: 2-of-3 MPC between user (share on device), provider server, and backup cloud storage. Transaction is signed by any two of three parties. Lost phone — recovery via server + cloud. Server compromised — attacker holds only one share, signing impossible.

TSS (Threshold Signature Scheme) is a concrete implementation of MPC for ECDSA/EdDSA. Algorithms: GG18, GG20, CGGMP21 (the latter is faster and has better security proofs). Libraries: tss-lib (Go, from Binance), multi-party-sig (Go, from Coinbase), ZenGo-X/multi-party-ecdsa (Rust).

MPC requires no on-chain changes — to the blockchain, the signature looks like a normal single-key signature. This saves gas and keeps the key management scheme confidential (not published in chain) — unlike multisig.

Account Abstraction (EIP-4337): smart contract as wallet

EIP-4337 completely changes the model: instead of EOA (Externally Owned Account), a smart contract Account is used. Authorization logic is in contract code, not in protocol cryptography. This opens up arbitrary signing logic, social recovery, session keys, sponsored transactions, and batch operations.

How the EIP-4337 stack works:

User → UserOperation → Bundler → EntryPoint contract → Account contract
                                          ↑
                                    Paymaster (optional, pays gas)

UserOperation — a new type of object (not an L1 transaction). Bundler collects UserOps from an alternative mempool, packs them into one transaction, and sends to EntryPoint. EntryPoint calls validateUserOp on the Account contract — Account decides if the signature is valid.

Practical capabilities:

Social recovery. The contract stores a list of guardians (other addresses or a service). Lost key — guardians vote for replacement. Argent has used this scheme since 2020.

Session keys. A temporary key with limited rights: interaction only with a specific contract, until a certain date, up to a certain amount. For GameFi and dApps — user does not sign every micro-transaction.

Paymaster. A third-party contract pays gas for the user. Onboarding pattern: user does not hold ETH, gas is sponsored by dApp or taken from ERC-20 tokens.

Implementations: Safe{Core} Protocol, Biconomy SDK (Stackup), ZeroDev (Kernel), Alchemy (Rundler bundler). EntryPoint v0.6/v0.7 is deployed and active on Ethereum mainnet, Polygon, Arbitrum, Optimism. We guarantee compatibility with the latest contract versions.

What is a Hardware Security Module for corporate wallets?

For treasuries and institutional storage: HSM (Hardware Security Module). The key is generated and never leaves the secure chip. Signing happens inside the HSM. Hardware attestation is supported. Solutions used: AWS CloudHSM, Azure Dedicated HSM, Thales Luna, YubiHSM 2 (for small volumes). Integration via PKCS#11 or cloud-specific API.

A combination of HSM + MPC is optimal for institutional use: key shares are stored in HSMs on different servers/jurisdictions, signing via TSS. This ensures compliance with regulatory requirements (e.g., for crypto custodians).

Integration with dApps: WalletConnect and standards

Any wallet must be able to interact with dApps. Standard: WalletConnect v2 (Sign API): QR code or deep link, peer-to-peer encrypted channel via relay server. For browser extensions: EIP-1193 (Ethereum Provider API).

On the frontend, we use wagmi + viem — one interface for MetaMask, WalletConnect, Coinbase Wallet, injected providers. For Account Abstraction: EIP-5792 (wallet capabilities) and EIP-7677 (paymaster service).

Development process

  1. Threat model — who is the user (B2C, B2B, institutional), what operations, what is the acceptable risk model. Architecture depends on this.
  2. Selection and design of key storage scheme — MPC, HSM, multisig, or a combination.
  3. Development of Account contract (if EIP-4337) or integration of MPC library.
  4. Backend — MPC coordination, session management, paymaster service (if needed).
  5. Mobile/browser application — UI with WalletConnect integration, biometrics, QR.
  6. Integration with dApps — EIP-1193, WalletConnect v2.
  7. Audit of contracts and cryptographic implementations — mandatory step. MPC libraries have known vulnerabilities (GG18 susceptible to attack with malicious participant without abort protocol). We use libraries with up-to-date security reviews (CGGMP21). Experience passing audits with Certik, Hacken, Trail of Bits — we have certificates.

What is included in the work (deliverables)

  • Source code of smart contracts (Solidity/Rust) with documentation
  • Backend MPC coordination service (Go or Rust) with API
  • Mobile application (iOS/Android) or browser extension
  • Integration with WalletConnect, Ledger/Trezor (if required)
  • Preparation for security audit (vulnerability report)
  • Administrator and user documentation
  • Access to repository, CI/CD, monitoring (Tenderly, Etherscan API)
  • Training of your team (2-3 sessions)
  • Post-launch support — 1 month

Timeline and cost

Solution type Timeline (working weeks)
Custodial with basic UI 4–8
Non-custodial with MPC integration 8–16
EIP-4337 Account with paymaster 6–12
Institutional (HSM + MPC + compliance) from 16

Cost is calculated individually for your project. We will estimate within one day — contact us by email or Telegram. We provide a guarantee on code and timeline.

Typical mistakes in crypto wallet development (and how to avoid them)

  • Using outdated MPC libraries — GG18 without abort protocol. Choose CGGMP21 or tss-lib with up-to-date audit reports.
  • Tight coupling to a single blockchain — not abstracting for L2/sidechains. Use viem/wagmi for cross-chain.
  • Ignoring MEV attacks — when using multisig without timelocks. Add tx simulation (Tenderly) and sandwiching protection.
  • Lack of fallback recovery mechanism — for Account Abstraction, not setting up social recovery. Include from the first release.

We eliminate these pitfalls at the design stage — for each project, we create a threat model and security checklist.

Need a reliable wallet with no compromises? Get a consultation from our architect — we will analyze your task and propose an architecture with a precise estimate. Leave a request — we will respond within a day.