Impact

All users who have created addresses using the PROFANITY library see https://github.com/johguse/profanity

• Wallet Addresses: if it was generated with the Profanity tool you MUST TRANSFER all of your assets to a different wallet ASAP!
• Contract Addresses: if you used Profanity to get a vanity smart contract address, make sure to change the owners of that smart contract. Consider migrating to a new deployment using a clean EOA address.

Note: the ERADICATE tool from the same creator doesn’t appear to have the vulnerability

Patches

N/A, security is compromised.

v2 contains fixes that use a different method for generating vanity addresses https://github.com/1inch/profanity2
based on: https://en.bitcoin.it/wiki/Split-key_vanity_address

Workarounds

MUST Migrate all funds to a secure EOA

References

see https://blog.1inch.io/a-vulnerability-disclosed-in-profanity-an-ethereum-vanity-address-tool-68ed7455fc8c

see issue https://github.com/johguse/profanity/issues/61

Affected source code

diff --git a/Dispatcher.cpp b/Dispatcher.cpp
index 884ced3..57898c9 100644
--- a/Dispatcher.cpp
+++ b/Dispatcher.cpp
@@ -108,14 +108,22 @@ cl_ulong4 Dispatcher::Device::createSeed() {
 #else
 	// Randomize private keys
 	std::random_device rd;
-	std::mt19937_64 eng(rd());
-	std::uniform_int_distribution<cl_ulong> distr;
-
-	cl_ulong4 r;
-	r.s[0] = distr(eng);
-	r.s[1] = distr(eng);
-	r.s[2] = distr(eng);
-	r.s[3] = distr(eng);
+	//
+	uint64_t rt = rd();
+	uint64_t r1 = (rt << 32) | rd();
+	r.s[0] = r1;
+	//
+	rt = rd();
+	r1 = (rt << 32) | rd();
+	r.s[1] = r1;
+	//
+	rt = rd();
+	r1 = (rt << 32) | rd();
+	r.s[2] = r1;
+	// 
+	rt = rd();
+	r1 = (rt << 32) | rd();
+	r.s[3] = r1;
 	return r;
 #endif
 }

For more information

If you have any questions or comments about this advisory:

• Open an issue in DeFi Threat
• Email us at ops@manifoldfinance