Added a check for the outer method selector for the userOp.callData to avoid call to other methods rather than default executor
Now guardians sign controlMessage + SA.address. This is even more secure in terms of revealing guardians address across SAs.
Removed unneeded conditional
TODO: technically validAfter = request.timestamp + securityDelay may overflow as both validAfter and securityDelay are uint48s. Making securityDelay an uint24 should solve issue however it will limit delay to 194 days (which is enough I think).
Waiting confirmation from auditors on this matter.
Summary
TODO: technically
validAfter = request.timestamp + securityDelay
may overflow as bothvalidAfter
andsecurityDelay
areuint48
s. MakingsecurityDelay
an uint24 should solve issue however it will limit delay to 194 days (which is enough I think). Waiting confirmation from auditors on this matter.Related Issue: # SMA-27
Change Type
Checklist