GetSalt.sh

GetSalt.sh lets you mine, register, and deploy cross-chain vanity smart contract addresses.


Created At

ETHGlobal Buenos Aires

Project Description

What is GetSalt.sh?

GetSalt.sh is a toolkit for mining and deploying deterministic, vanity smart contract addresses using CREATE2. It drastically reduces the cost and complexity of generating recognizable contract addresses (e.g. 0x111111..., 0xDEADBEEF...) across multiple EVM chains.

By sharing compute and enforcing cross-chain consistency, GetSalt.sh turns vanity addressing into a security and branding primitive—accessible to everyone, not just whales or protocols with GPU farms.


Why It Matters

  • Human-verifiable security: Users can recognize vanity contracts visually, especially on hardware wallets, reducing phishing risk.
  • Branding & trust: Projects can claim distinctive, memorable addresses across chains.
  • Deployment determinism: Same code, same salt = same address on all chains.
  • Cost asymmetry: Defense becomes affordable, while attack remains expensive.

The Problems Today

  • Mining high-entropy prefixes is costly and slow.
  • No protection against impersonation or copycats across chains.
  • Defenders and attackers pay roughly the same to secure a vanity pattern.

How GetSalt.sh Works

  • Cross-chain enforcement via LayerZero: Automated cryptographic verification ensures addresses on different chains contain matching bytecode. For chains without LayerZero, manual DAO verification provides a future-proof fallback—supporting any EVM chain, even ones that don't exist yet.
  • Shared off-chain GPU mining: Salt search for a fixed proxy bytecode is shared and GPU-accelerated.
  • Shared proxy: Every mined address points to the same minimal UUPS proxy implementation, enabling mining efforts to be mutualized.
  • Commit–reveal on-chain registration: Secures vanity addresses against frontrunning.
  • Cross-chain enforcement via LayerZero: Ensures that an address used on one chain has matching bytecode on others.
  • DAO moderation: A 24h timelock allows the community to veto malicious or misleading vanity claims.
  • Cost asymmetry: Defenders share mining costs (everyone mines the same proxy), while attackers must mine unique addresses repeatedly. Combined with 10% slashing on failed registrations, defense becomes cheap while attacks remain expensive.

How it's Made

GetSalt.sh is built with a three-layer architecture optimized for security and cross-chain consistency.

Smart Contracts (Solidity + Foundry + Hardhat)

Three custom contracts (~1,200 lines) using OpenZeppelin's upgradeable libraries and ERC-7201 namespaced storage:

  • GetSaltRegistry - Commit-reveal registration with 24h timelock to prevent front-running
  • GetSaltMinimalProxy - UUPS proxy deployed at vanity addresses
  • GetSaltFactory - CREATE2 deterministic deployment (same address on all EVM chains)

Tested with Foundry (19/19 passing), deployed via Hardhat with 5 custom workflow tasks.

Frontend (Next.js 14 + TypeScript)

Next.js 14 App Router with Wagmi v2 + Viem for blockchain interactions, RainbowKit for wallet connections, and shadcn/ui components. Fully type-safe from Solidity ABIs to React components via TypeChain.

Backend (Drizzle ORM + SQLite)

5 REST API endpoints using Next.js API routes with Drizzle ORM for type-safe database queries. SQLite for development, with an easy upgrade path to Turso (distributed SQLite) for production.

Partner Tech: LayerZero v2

LayerZero Read enables trustless cross-chain bytecode verification. When registering a vanity address, challengers can trigger automatic verification that the same address on different chains contains matching code—preventing cross-chain impersonation attacks without manual checks.

Notable Hacks & Innovations

  1. Mutualized Mining - Everyone mines for the same minimal proxy bytecode, sharing GPU costs. Users then upgrade to their custom implementation. This makes vanity addresses accessible to everyone, not just GPU farms.

  2. Hybrid Verification - LayerZero for automated verification on supported chains, plus manual DAO verification for any EVM chain (even future ones). When LayerZero support arrives, verification automatically becomes trustless.

  3. First Upgrade Validation - Proxy validates implementation bytecode hash using extcodehash on first upgrade, preventing bait-and-switch attacks. After validation, normal upgrades work freely.

  4. Economic Security - 0.01 ETH registration + 10% slashing creates asymmetry: defending is cheap (shared mining), attacking is expensive (lose 10% per failed attempt). The 24h timelock lets the community be the security layer.
