Skip to content

feat: add cooldown to recovery agent update#361

Open
paolodamico wants to merge 26 commits intomainfrom
delayed-recovery-agent-update
Open

feat: add cooldown to recovery agent update#361
paolodamico wants to merge 26 commits intomainfrom
delayed-recovery-agent-update

Conversation

@paolodamico
Copy link
Collaborator

@paolodamico paolodamico commented Feb 5, 2026

Changes

  • Updating the recovery agent is now a two-step process. The user initiates a recovery agent update, a cooldown must pass, and then the update can be executed. This is added as a security mechanism against account takeovers in case of a compromised authenticator. The recovery agent can be the tie-breaker in case of compromised authenticators. Users must select their recovery agent carefully.
  • Renames "recovery address" terms to "recovery agent", following https://github.com/worldcoin/world-id-protocol/tree/main/docs/world-id-4-specs.

Note

High Risk
Touches account recovery and signer-authorization flows (EIP-712 messages, nonces, and state transitions) and changes the public registry interface, so mistakes could weaken recovery security or break client integrations.

Overview
Adds a two-step, cooldown-gated recovery agent rotation to WorldIDRegistry: authenticators now initiateRecoveryAgentUpdate (EIP-712 signed), wait out a configurable cooldown, then anyone can executeRecoveryAgentUpdate, or authenticators can cancelRecoveryAgentUpdate.

Renames the external API from recovery address to recovery agent, introduces tracking for pending updates (with new errors/events and getPendingRecoveryAgentUpdate/getRecoveryAgentUpdateCooldown getters), clears pending updates on account recovery, and updates the Rust ABI + expands/adjusts Solidity tests to cover the new flow (including overwrite/cancel/zero-cooldown cases).

Written by Cursor Bugbot for commit 91cc7c1. This will update automatically on new commits. Configure here.

@paolodamico paolodamico requested a review from a team as a code owner February 5, 2026 19:06
@paolodamico
Copy link
Collaborator Author

open question: when recovering an account, should pending recovery agent updates be cleared?

@paolodamico
Copy link
Collaborator Author

@codex review

Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 0685143c2d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@paolodamico
Copy link
Collaborator Author

@codex review

Copy link

@chatgpt-codex-connector chatgpt-codex-connector bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 27a6220daa

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Copy link
Contributor

@0xOsiris 0xOsiris left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This generally looks fine to me, although the trust model seems somewhat fragile

@paolodamico paolodamico requested a review from 0xOsiris February 18, 2026 22:23
Copy link

@cursor cursor bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants

Comments