Content pfp
Content
@
0 reply
0 recast
0 reaction

@
0 reply
0 recast
0 reaction

Varun Srinivasan pfp
Varun Srinivasan
@v
You shared the seed phrase , they can just transfer the fid and reset the recovery address, no? If you make the seed public they have direct control of the account and recovery onchain
2 replies
0 recast
3 reactions

borodutch pfp
borodutch
@warpcastadmin.eth
why bother with recovery email and address then? technically, if one accidentally slips the custody address seed into the public (we know this will happen), there should be a way to use recovery address and/or recovery email to recover the access
1 reply
0 recast
0 reaction

Varun Srinivasan pfp
Varun Srinivasan
@v
Because it helps when you lose your seed phrase? If you want to share account access, create an app key. Sharing seed phrase is a no no.
2 replies
0 recast
0 reaction

borodutch pfp
borodutch
@warpcastadmin.eth
just to recap: if someone accidentally leaks their custody address seed phrase, they lose everything they have on farcaster without any way to recover?
1 reply
0 recast
0 reaction

Dan Romero pfp
Dan Romero
@dwr.eth
Correct. Which is why push it to a passkey and hide it from users. Most people just use Warpcast recovery system when they lose the Passkey. 20K+ recoveries and counting.
1 reply
0 recast
0 reaction

borodutch pfp
borodutch
@warpcastadmin.eth
btw i don't see this as an issue personally, and i agree with this approach 100% just saying that in the future this might lead to problems and a way to recover even from this state should be accessible this approach works for everything blockchain (especially finances) but doesn't translate well into social networks e.g. a celebrity losing access because they accidentally leak the seed phrase on a twitch stream (this *will* happen)
1 reply
0 recast
0 reaction

Dan Romero pfp
Dan Romero
@dwr.eth
Right, and increasing it will be harder and harder for average user to accidentally foot gun.
1 reply
0 recast
1 reaction

borodutch pfp
borodutch
@warpcastadmin.eth
it still doesn't sit right with me, what if there are multiple people managing an account? more points of failure, and they *will* end up sharing seed phrases (even with the app key access feature) i kinda feel like there should be a way to make custody address a smart contract that allows for all actions but switching the custody address — that action will require a multisig wdyt @v
1 reply
0 recast
0 reaction

Dan Romero pfp
Dan Romero
@dwr.eth
Manage the account at the signer level not the custody phrase. Also world is moving to smart contract wallets, so people will be able to add more secure schemes.
0 reply
0 recast
1 reaction