Contest: https://code4rena.com/contests/2023-01-biconomy-smart-contract-wallet-contest/
- H-01 SmartAccount implementation can be destroyed by a bad actor
- H-02
tokenGasPriceFactor
inFeeRefund
struct can be malleable in calls toexecTransaction
- H-03 SmartAccount authorization can be bypassed using a contract signature
- H-04 SmartAccount wallet creation can be backdoored
- H-05 Attacker can gain control of counterfactual wallet
- H-06 Proxy creation isn't check in
deployWallet
function ofSmartAccountFactory
contract