Using Wills For Storage
Last updated
Last updated
Will contracts have a certain number of security measures that make them great at safely storing users' tokens. You can read more about those security features on the page below:
You can deploy your own Will contract, add your tokens to it, and modify the time lock parameters such that in the event you were to be hacked, your Will contract seriously slows down the rate at which your tokens are transferred out of your Will contract, giving you enough time to stop the hack.
Will contracts use their owner's profile IDs as identifiers so if your wallet were to be hacked, you can remove the hacked account from your profile such that, that account stops having admin privileges to your Will contract and thus stopping the hack.
This will only work if you have a unique profile. You can follow the guide on the page below to create a unique profile:
Suppose a Will contract belonging to a user with a unique profile ID 1 and 2 wallet addresses address 1 and address 2. In the case wallet address 1 were to be hacked, our user can go through the following steps to remove address 1 from the list of addresses that map to profile ID 1 and thus remove admin privileges from address 1:
The first step is to create a new SSID (which will be the same SSID as your previous one) but with an expiration date that is further away in the future than your last SSID meaning if your last SSID expires on the 24th, October 2023, your new one should at least expire the 25th, October 2023. This is because, since it takes a trusted auditor to create an SSID, we assume a hacker will not be able to create one for your profile so by updating your profile with the same SSID but a further expiration period, you prove to be the legitimate owner of the profile. The further expiration date helps the contract separate out accounts that have been added with the previous SSID expiration date from those added with the new one. This will remove access to the profile to any account added with the previous SSID expiration date. To create a new SSID, you can follow the guide on the page below:
The next step is to update the time constraint on your profile. To do so, follow the guide on the page below, under the Update Time Constraint title
The step after that is to remove the compromised account Address 1 from the list of addresses that map to your profile ID. You can also (if you want), re-add all previously added accounts that have not been compromised to your profile. You can find a guide to doing that on the page below under the titles Removing Accounts From Your Profile and Adding Account To Your Profile respectively.
Congratulations! Your hacker is now completely locked out of your profile and cannot withdraw funds from your Will contract anymore.
Using unique profiles as main identifiers of Will contract owners makes compromising SSID auditors the only way to hack Will contracts (even hacking wallets is not sufficient) and since SSID auditors have bounties in place, you can always claim their bounties as compensation if they were to deliver your SSID to someone that is not you.
You can still recover access to your Will contract even if you were to lose access to your wallet's password or private key.
To be able to do that, all you need to do is to get an SSID auditor to recreate a new SSID for you. You can read about how to do that on the page below:
Once that's done, you can use it to add a new account to your profile. You can read about how to do that on the page below under the title Adding Accounts To Your Profile Using Your SSID
The function Add Account From SSID from the control panel menu of your profile panel enables you to do that:
Congratulations! The new account you've added to your profile now has admin privileges to the Will contract.
