Contest: https://code4rena.com/contests/2023-05-ambire-wallet-invitational
- M-01 AmbireAccount implementation can be destroyed by privileges
- M-02
deployAndExecute()function in Factory should be payable - M-03 Project may fail to be deployed to chains not compatible with Shanghai hardfork
- M-04 Low level calls to accounts with no code succeed in AmbireAccount
- M-05 AmbireAccount should provide a function to allow to cancel current nonce
- M-06 Callee can intentionally make caller spend more gas than specified in
tryCatchLimit() - M-07 Recovery transaction can be replayed after a cancellation
- M-08 Griefing attack on
executeMultiple()function - M-09 Attacker can force the failure of transactions that use
tryCatch - M-10 Current design won't allow to update reference implementation without breaking counterfactuality
- M-11 Wallet fallback does not fail when there is no handler
- M-12 Fallback handlers can trick users into calling functions of the AmbireAccount contract
- M-13 EIP-712 signatures are not properly implemented