Allow adding multiple tiers of recoverers #5948
Description
What is the feature about
I would like to set up multiple layers of recovery addresses such that I can have different delays for different recoverers. The user story goes as:
I am a Safe user who is concerned that I'll whoopsie all of my private keys and/or my life. I would like my next of kin (NOK) to have access to my gnosis Safe in case of such a whoopsie.
While my next of kin has an ethereum account they're liable to lose access to this down the line due to not being a crypto person. Luckily I have a group of friendly crypto-persons who I somewhat trust to help my NOK to access my Safe. This group should collectively be able to grant my NOK access to my Safe in the situation where my NOK has lost access to their ethereum account.
While I generally trust this group of people to not collude to steal from my NOK, I'd like to guarantee that if the crypto-people go rogue then my NOK will win any race to recover my Safe. I should then be able to add my NOK's ethereum account as a recoverer for my Safe with a shorter delay than the group of friendly crypto-people.
Currently the web interface strongly implies that it only supports a single recovery address at a time. After reviewing the smart contracts involved in the recovery mechanism, there's no restrictions on the contract level so we should be implement this feature with updates to the offchain components only.
The list of requirements
- My Safe should allow multiple recovery addresses
- I should be able to set different delays for different recovery addresses.
- Bonus points if different recovery addresses with the same delay share the same
Delaymodule.
- Bonus points if different recovery addresses with the same delay share the same
- I should get notifications if either recovery address initiates a recovery transaction.
- Mega points if all recoverers get a notification if another recoverer for my Safe initiates a recovery transaction.
- Once a recovery transaction has succeeded, it should suggest a transaction which will invalidate any pending recovery transactions to prevent the Safe being usurped by the lower-tier recoverers.
Designs/sketches
Happy to flesh this out if needed.