Docs
Security
MaintenanceOperation

KYC-based fund recovery for exceptional circumstances

Emergency Recovery (maintenanceOperation)

Overview

The maintenanceOperation function, introduced in StakeableAssetImplV4, provides a critical safety mechanism for users who have lost access to their wallets or fallen victim to scams. This function enables authorized operators to help recover funds after thorough KYC verification.

When Recovery Applies

Emergency recovery is available in the following verified scenarios:

1. Lost Private Keys

  • Hardware wallet failure or loss
  • Forgotten passwords/seed phrases
  • Accidental deletion of wallet files
  • Natural disasters affecting physical backups

2. Compromised Accounts

  • Phishing attack victims
  • Malware-compromised wallets
  • Social engineering incidents
  • Unauthorized access scenarios

3. Legal Requirements

  • Court-ordered fund recovery
  • Estate/inheritance claims
  • Regulatory compliance needs
  • Divorce settlements

4. Technical Issues

  • Smart contract interaction errors
  • Failed transactions with locked funds
  • Migration assistance for protocol updates

How It Works

Technical Implementation

function maintenanceOperation(
    address from,      // Source wallet (lost/compromised)
    address to,        // Recovery destination
    uint256 amount,    // Amount to recover
    string reason      // Detailed reason with ticket ID
) external onlyOperatorOrOwner nonReentrant

Security Requirements

  1. User Approval: The affected wallet must have previously approved the StakeableAsset contract for USDC transfers
  2. Role Authorization: Only OPERATOR_ROLE or contract owner can execute
  3. Audit Trail: Every operation emits an event with full details
  4. Non-Reentrancy: Protected against reentrancy attacks

Recovery Process

Step 1: Initial Contact

Contact official support channels:

  • Email: support@soulpeg.io
  • Support ticket system
  • Never respond to DMs or unofficial channels

Step 2: KYC Verification

Submit required documentation:

  • Government-issued photo ID
  • Proof of address (utility bill, bank statement)
  • Selfie with ID and handwritten note
  • Transaction history proving wallet ownership
  • Police report (for theft/scams)

Step 3: Case Review

  • Support team verifies documentation
  • Cross-reference with on-chain data
  • Legal team consultation if needed
  • Multi-signature approval for execution

Step 4: Recovery Execution

  • Set up recovery wallet with user
  • Execute maintenanceOperation
  • Provide transaction confirmation
  • Follow up to ensure success

Security Measures

Operational Security

  • Multi-signature requirement for operators
  • Daily recovery limits ($50,000)
  • Mandatory 24-hour delay for large amounts
  • Regular security audits
  • Comprehensive logging and monitoring

Process Security

  • No recovery without complete KYC
  • Multiple approval levels required
  • Legal documentation for all cases
  • Regular process reviews and updates

Example Scenarios

Lost Hardware Wallet

User: Jane Doe
Issue: Ledger destroyed in house fire
Verification: Insurance claim, KYC completed
Recovery: 50,000 USDC to new secure wallet
Reason: "Lost private key - Fire incident - Ticket #12345"

Phishing Recovery

User: John Smith  
Issue: Clicked malicious link, approved scam contract
Verification: Police report filed, wallet history verified
Recovery: 10,000 USDC to hardware wallet
Reason: "Phishing recovery - Police report #67890"

Important Limitations

What Cannot Be Recovered

  • Funds already transferred out by scammers
  • Tokens not in the SoulPeg protocol
  • Amounts without proper approval setup
  • Cases without complete KYC verification

Recovery Timeframes

  • Standard cases: 3-5 business days
  • Complex cases: 7-14 business days
  • Legal cases: 30+ days depending on requirements

Prevention Best Practices

Secure Your Assets

  1. Use hardware wallets for large amounts
  2. Keep multiple secure backups of keys
  3. Never share private keys or seed phrases
  4. Verify all contract interactions
  5. Use a separate wallet for testing

Avoid Scams

  1. Verify all URLs carefully
  2. Never approve unlimited token amounts
  3. Be suspicious of urgent requests
  4. Don't trust DMs from "support"
  5. Research before interacting with new protocols

FAQ

Q: Can anyone request recovery of my funds? A: No. Recovery requires extensive KYC verification proving you are the rightful owner.

Q: Are there fees for recovery? A: No fees are charged for legitimate recovery cases.

Q: What if I can't provide all documentation? A: Contact support to discuss your specific situation. Alternative verification methods may be available.

Q: How long does the process take? A: Standard cases are resolved within 3-5 business days after complete documentation submission.

Q: Is this feature decentralized? A: No. This is a centralized safety feature requiring trust in the protocol operators, balanced by strict procedures and transparency.

Contact Support

For emergency recovery assistance:

  • Email: support@soulpeg.io
  • Include "EMERGENCY RECOVERY" in subject line
  • Provide transaction hashes and wallet addresses
  • Never share private keys or seed phrases

Remember: Official support will NEVER ask for your private keys or seed phrase.

Next