Why Social Recovery Needs a Social Reputation Layer

Social recovery requires trusted guardians, but on-chain identities are cheap to forge. Without a reputation layer, recovery becomes a game of quantity over quality, vulnerable to Sybil attacks where an attacker creates hundreds of fake guardians.\n- ERC-4337 Account Abstraction enables recovery but assumes trust.\n- Proof-of-Humanity and BrightID are attempts but lack financial stake.\n- The result is a security façade; your guardians are only as strong as their cheapest identity.

Guardian selection must be governed by skin-in-the-game economics, not just social graphs. A social reputation layer attaches a verifiable, at-risk stake to an on-chain identity.\n- EigenLayer-style restaking models show how to slash reputation for malice.\n- Gitcoin Passport aggregates signals but lacks slashing mechanisms.\n- The goal: make a guardian's reputation score more valuable than the assets they're protecting, creating aligned incentives.

The endgame isn't wallets; it's verifiable social graphs with economic weight. Protocols like Farcaster and Lens create the social fabric, but need a decentralized credit bureau to score it.\n- Recovery becomes a function of your on-chain social capital.\n- This enables complex, real-world trust models (e.g., 3-of-5 family members and 2-of-3 DAO colleagues).\n- Without this, ERC-4337 and EIP-3074 simply automate insecurity.

Today's social recovery wallets (e.g., Safe{Wallet}) depend on a fixed, off-chain list of guardians. This creates massive attack vectors and coordination failure.

• 51% of guardians can be compromised via phishing or collusion.
• ~30% abandonment rate for guardians over 2 years, creating recovery dead-ends.
• Zero Sybil resistance - an attacker can bribe or create fake guardian identities.

EigenLayer enables the creation of a decentralized, staked reputation system. Operators and services build reputation via slashing and delegation, creating a trust marketplace.

• $16B+ in restaked ETH provides the underlying economic security layer.
• Reputation is portable across AVSs (Actively Validated Services), including recovery oracles.
• Continuous slashing risk aligns long-term incentives, far superior to static social graphs.

Karma3 Labs (building OpenRank) and frameworks like Ethereum Attestation Service (EAS) enable composable, verifiable reputation graphs. This moves trust from individuals to verifiable actions.

• Graph-based scoring evaluates connections and transaction history for Sybil resistance.
• Attestations are composable - a Gitcoin Passport score can feed into a recovery reputation score.
• Protocol-native governance - DAOs can become high-reputation recovery agents for their members.

Hyperlane's permissionless interoperability framework allows wallets to source reputation from multiple, competing security modules. This creates a competitive market for recovery services.

• Modular security stacks let users choose reputation oracles from EigenLayer, Babylon, or other providers.
• Interchain reputation is native - a user's Solana reputation can inform their Ethereum recovery.
• ~$500M+ in secured value demonstrates the model's viability for critical infrastructure.

Social recovery assumes guardians are distinct, trusted entities. A reputation layer that's cheap to game inverts this, making the wallet less secure than a traditional seed phrase.\n- Cost to Attack: Creating 1000+ fake identities could cost less than $100 on some networks.\n- Consequence: A guardian set of 5 becomes a guardian set of 1 (the attacker).

Off-chain reputation (GitHub, Twitter, domain names) must be ported on-chain via oracles like Ethereum Attestation Service (EAS) or Veramo. This reintroduces centralization and manipulation vectors.\n- Failure Point: A compromised or censoring oracle invalidates the entire reputation graph.\n- Latency: Real-world identity checks create ~24hr+ delays, breaking UX for instant recovery.

A guardian's reputation score becomes a financial asset. Adversaries can directly bribe guardians or create dark markets for recovery collusion, as theorized in Vitalik's DAO governance analyses.\n- Economic Incentive: A $1M wallet creates a >$200k bribe budget for 3-of-5 guardians.\n- Solution Gap: Current layers like Gitcoin Passport measure existence, not resistance to coercion.

Reputation becomes 'sticky'. Early adopters (e.g., ENS power users) gain unassailable scores, creating a centralized trust oligarchy. New, legitimate users are locked out, defeating decentralization.\n- Network Effect: Top 1000 addresses could control >80% of 'reputable' guardian slots.\n- Innovation Kill: New identity primitives (e.g., Zupass, World ID) struggle to gain weight.

To score reputation, the system must analyze your on-chain and social footprints. This creates a honeypot of linked identities, exposing users to targeted phishing, physical threats, and sybil clustering attacks.\n- Data Harvest: Linking Discord + ETH address + GitHub is a standard requirement.\n- Attack Surface: A breach at the reputation layer (e.g., BrightID) compromises all linked wallets.

A secure reputation layer requires complex, slow consensus (e.g., proof-of-humanity checks). This conflicts with wallet recovery's need for <1hr liveness. You must choose: fast but insecure, or secure but unusable in emergencies.\n- Recovery Window: A 51hr delay is catastrophic during an active hack.\n- Current State: Systems like Proof of Humanity have >1 week challenge periods.

Without a cost to identity, social recovery is just a Sybil honeypot. A guardian set of 5 friends is only secure if creating 5 fake friends is expensive. Current models fail this test.

• Key Benefit 1: Reputation as a Sybil-resistance primitive, not just a social signal.
• Key Benefit 2: Enables permissionless, global guardian networks beyond your immediate contacts.

Financial staking (e.g., EigenLayer, Babylon) aligns incentives but is capital-inefficient and excludes non-wealthy guardians. Social reputation, built via on-chain history (like Gitcoin Passport, ENS, Galxe), is a non-transferable asset that aligns long-term interests.

• Key Benefit 1: Capital-light security; stake your history, not just your ETH.
• Key Benefit 2: Creates persistent identity graphs that improve with network use.

Fixed, user-managed guardian lists are a UX and security dead-end. A reputation layer enables dynamic sourcing from professional networks (e.g., Obol, SSV validators) or community DAOs, with automated failover and performance-based slashing.

• Key Benefit 1: Automated recovery orchestration via intent-based systems like UniswapX for guardians.
• Key Benefit 2: Slashing for liveness ensures guardians are economically incentivized to respond.