Skip to content
Aktionariat

Share Recovery

Motivation

Section titled “Motivation”

It is desirable that share tokens (which legally represent a company’s equity) do not get “lost” if a shareholder loses the private key to their account or accidentally sends them to an invalid address. While some issuers address this by adding a back-door to their smart contract giving them full control over all tokens, Aktionariat follows a decentralized approach — as recommended by the Swiss Blockchain Federation in their Security Token Circular. This allows holders to reclaim their shares without relying on a centralized authority.

Process

Section titled “Process”

The recovery process works as follows. Assume that Alice has lost the key to her address A. She picks a new address B and makes all calls from the new address.

  1. Alice ensures she has enough collateral ready and grants an allowance to the RecoveryHub contract.
  2. Alice calls declareLost(token, collateralType, lostAddress) to declare that the tokens on the specified address are hers and that she wants to retrieve them through the claim mechanism. The collateral is transferred to the recovery hub.
  3. After waiting for 6 months, Alice calls recover (providing her lost address as an argument) to regain her shares and the collateral.

Contesting a Claim

Section titled “Contesting a Claim”

If the key is found again, or the claim was made maliciously, the rightful owner can always call clearClaim from the claimed address to delete the claim and seize the collateral. This makes attacks economically infeasible.

Example: When an attacker makes a claim for your address to obtain all your 7 shares in Example Inc., the attacker must also provide collateral worth 7 shares. You then have six months to call clearClaim, thereby not only deleting the fraudulent claim but also taking away the attacker’s collateral.

If your wallet does not support calling custom methods such as clearClaim, you can also transfer one share to a new address, which triggers an implicit call to clearClaim and has the same effect.

Claim Deletion by Issuer

Section titled “Claim Deletion by Issuer”

Claims can also be deleted by a special role (in this case the collateral is returned). The function getClaimDeleter() defines who can do this — typically the issuer. This protects shareholders who cannot act on their own for some reason, and also guards against malicious use of the claim mechanism in cases where the attacker knows that the claimed address was lost and acts before the rightful owner.

Collateral

Section titled “Collateral”

The share tokens themselves can be used as collateral. For example, if you lost your key, a friend could stake their shares for you.

A custom collateral (ERC-20 token) can be set by the issuer. Using a stablecoin like XCHF or ZCHF has the advantage that the staked amount is not subject to volatility during the waiting period, unlike Ether. Ether is not directly supported as collateral, but the issuer could choose to accept wrapped Ether (WETH).

Real-World Example

Section titled “Real-World Example”

In a real case, someone accidentally sent 1,145 shares of ServiceHunter AG (SHS) to address 0x0479 — the hexadecimal representation of the number 1145, an address that no one controls.

To recover the shares, the owner:

  1. Invoked declareLost with an additional 1,145 shares as collateral.
  2. Waited for six months.
  3. Called recover to resolve the claim, returning both the lost shares and the collateral to their owner.