An auditor from our Code4rena audit correctly identified that a call to removeOwnerAtIndex could be replayed on another chain but might remove a different owner if the owner indexes don't match cross-chain. Since this method is one of the one's that is allowed to be cross-chain repayable, this could lead to a malicious actor removing an owner that shouldn't be removed.
This PR adds the owner bytes to the removeOwnerAtIndex call so that the removal explicitly targets an index and an owner.
An auditor from our Code4rena audit correctly identified that a call to
removeOwnerAtIndex
could be replayed on another chain but might remove a different owner if the owner indexes don't match cross-chain. Since this method is one of the one's that is allowed to be cross-chain repayable, this could lead to a malicious actor removing an owner that shouldn't be removed.This PR adds the owner bytes to the
removeOwnerAtIndex
call so that the removal explicitly targets an index and an owner.