hats-finance / illuminex-0x0bb4aa1f58719707405c231fcdf0b405714799cf


PrivateKey generation can be guessed easily #15

Open hats-bug-reporter[bot] opened 1 week ago

hats-bug-reporter[bot] commented 1 week ago

Github username: @SB-Security
Twitter username: SBSecurity_
Submission hash (on-chain): 0x7983e523f73f6623f74998c574e705cb5e483b0b22dae41bf9d5617cd2485b75
Severity: high

Description: Relying on the block number as a source of randomness can be easily guessed by users and abused for their own benefit. This is a problem for the protocol.

Attack Scenario: Using block.number and the msg.sender address to create the private key of the Vault is easily guessable.

Attachments

  1. Proof of Concept (PoC) File

```solidity
// SPDX-License-Identifier: UNLICENSED
pragma solidity ^0.8.0;

// Fragment posted in the report, wrapped in a minimal contract so it compiles.
// The import path and the KeyPair struct are reconstructed from the fields the
// fragment uses; the constructor and _updateKeyPair body are unchanged.
import {Sapphire} from "@oasisprotocol/sapphire-contracts/contracts/Sapphire.sol";

contract Vault {
    struct KeyPair {
        bytes publicKey;
        bytes privateKey;
    }

    KeyPair private _keyPair;

    constructor() {
        _updateKeyPair();
    }

    // The report's concern: block.number and msg.sender are passed as the
    // second argument (pers) of Sapphire.randomBytes when deriving the seed.
    function _updateKeyPair() internal {
        (bytes memory publicKey, bytes memory privateKey) = Sapphire.generateSigningKeyPair(
            Sapphire.SigningAlg.Secp256k1PrehashedKeccak256,
            Sapphire.randomBytes(32, abi.encodePacked(block.number, msg.sender))
        );

        _keyPair.publicKey = publicKey;
        _keyPair.privateKey = privateKey;
    }
}
```

  2. Revised Code File (Optional): Use another source of randomness that is better suited to the needs of the project.

party-for-illuminati commented 1 week ago

Invalid. Please refer to the Oasis Sapphire random implementation docs: https://api.docs.oasis.io/sol/sapphire-contracts/contracts/Sapphire.sol/library.Sapphire.html#randombytes
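The disagreement in this thread turns on what the second argument of Sapphire.randomBytes is. The linked docs describe it as a personalization string mixed in for domain separation, not as the seed. The Python model below is an added example, not code from the issue or from the illuminex or Sapphire code bases. It contrasts the two readings: the construction the report assumes, where block.number and msg.sender are the only entropy, against a generator keyed by a secret the caller never sees, where the same bytes are only a personalization input. The HMAC-SHA256 counter-mode generator, the sha3_256 stand-in for keccak256, and the block number and sender values are all assumptions constructed for the example.

```python
import hashlib
import hmac
import os

# Constructed inputs for the demonstration (not values from the illuminex deployment).
BLOCK_NUMBER = 8_421_337
MSG_SENDER = bytes.fromhex("1111111111111111111111111111111111111111")


def pers(block_number: int, sender: bytes) -> bytes:
    """Model of abi.encodePacked(block.number, msg.sender): uint256 || address (52 bytes)."""
    assert len(sender) == 20
    return block_number.to_bytes(32, "big") + sender


def hash_only_rng(p: bytes, n: int = 32) -> bytes:
    """The construction the report assumes: the public inputs are the ONLY entropy.
    sha3_256 is an assumed stand-in for keccak256; the difference does not affect the point."""
    return hashlib.sha3_256(p).digest()[:n]


def personalized_drbg(secret: bytes, p: bytes, n: int = 32) -> bytes:
    """Model of a generator keyed by a secret the caller never sees (e.g. a seed held
    inside the TEE) in which `p` is only a personalization / domain-separation string.
    HMAC-SHA256 in counter mode is an assumed stand-in, not Sapphire's real construction."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(secret, p + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def demo(block_number: int = BLOCK_NUMBER, sender: bytes = MSG_SENDER) -> dict:
    """Compare what an attacker who knows block.number and msg.sender can recompute."""
    p = pers(block_number, sender)
    enclave_secret = os.urandom(32)      # never leaves the enclave in this model
    attacker_guess = bytes(32)           # attacker has no information about the secret

    # Case 1: the public inputs are the seed. Replaying them reproduces the key material.
    victim_weak = hash_only_rng(p)
    attacker_weak = hash_only_rng(p)

    # Case 2: the public inputs are only a personalization string on a secretly seeded DRBG.
    victim_drbg = personalized_drbg(enclave_secret, p)
    attacker_drbg = personalized_drbg(attacker_guess, p)
    other_pers = personalized_drbg(enclave_secret, pers(block_number + 1, sender))

    return {
        "hash_only_predictable": victim_weak == attacker_weak,
        "drbg_predictable_from_pers": victim_drbg == attacker_drbg,
        "pers_gives_domain_separation": victim_drbg != other_pers,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The model makes the review question concrete: the report is right only if the bytes passed as the second argument are the generator's sole entropy; if the generator is seeded from a secret the caller cannot observe, knowing block.number and msg.sender lets an attacker reproduce nothing, while the personalization still separates outputs for different callers and blocks.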