HatsFarcasterDelegator: better onboarding with recovery address flow

[spengrah]

A significant drawback of the current onboarding flow is that migrating an existing account from Warpcast is really painful. Users need to export the seed phrase from Warpcast, find the private key of the fid custody account (derived from that seed phrase), and then import the private key into a browser wallet like metamask. This is high friction and also introduces bad op sec practices for users.

This issue describes an alternative and much improved flow that utilizes the Farcaster protocol's recovery functionality. Every fid has a recovery address, which is authorized to transfer the fid but nothing else. The key point is that Warpcast allows users to set the recovery address for their fid to any arbitrary address. For a user, this is much easier and more secure than exporting a seed phrase.

Below is what the new flow could look like. It has several key improvements:

• The flow includes guidance for what the user needs to do in Warpcast
• The Warpcast-related step is much simpler and more secure, as discussed above
• No need to switch connected wallets between steps (this is a really big point of friction in the current flow)

Recommended Flow

1. User connect wallets to herocast. This should be the wallet that wears or will wear the adminHat.
2. Create hats using the 4-hat template from hero-50-build-scaffolding-for-hats-protocol-whitelabel #218
3. Mint adminHat to self (and casterHat to relevant addresses, but this could also happen later), as in hero-50-build-scaffolding-for-hats-protocol-whitelabel #218
4. Configure / deploy FD contract, as in hero-50-build-scaffolding-for-hats-protocol-whitelabel #218
5. Guide user to set their wallet address as the fid's recovery address in Warpcast. Optionally, herocast could listen for the ChangeRecoveryAddress event before guiding the user to the next step.
6. Back in herocast, the user signs the receive signature on behalf of FD. Alternatively, the user could call HFD.prepareToReceive(). Note that only one of these (ECDSA signature or prepareToReceive) needs to be done.
7. User executes the transfer by calling IdRegister.recover() with the signature from (6) as payload

[hellno]

todo

• Add new step to guide user through Warpcast recovery address setup. Wait for ChangeRecoveryAddress event from IdRegistry (https://docs.farcaster.xyz/reference/contracts/reference/id-registry#changerecoveryaddress)
• Remove the prepareToReceive call

before release

• add space on the right side for videos to play in each step
• create short videos for each step of the setup flow

[hellno]

Step 5:
Which address should be set as recovery address in Warpcast? the user's wallet or the FD contract address?

[spengrah]

Step 5: Which address should be set as recovery address in Warpcast? the user's wallet or the FD contract address?

it's the user's wallet. They will use that wallet in step 7 to call IdRegistry.recover().