Severity: High
Context: Implementation.sol#L18
Since Implementation.sol
is a contract without any access control implemented, anyone who has address for it can simply call it's functions. Hence it's possible for someone to make a delegate call directly from Implementation
contract to a malicious contract which has function which has selfdestruct()
functionality by directly calling the delegatecallContract(address a, bytes calldata _calldata)
function of the Implementation
contract, thus destorying Implementation
contract and rendering the whole Wallet Protocol
as useless.
So an attacker:
- Will create a malicious contract. A very basic one could be: