AUDIT list

[zhongeric]

Areas of interest

• HookData can be set by a relaying party and MUST be viewed as untrusted from a hook's perspective, any considerations for the user?
• ValidUntil is not set if the signature is invalid for validateUserOp path per Refactor validation hooks #115
• Verify that ordering of execute calls within a multicall does not bypass security model
• TransientAllowance does not work with custom layout storage in solc 0.8.29. Can there ever be a collision?
• Anything to consider with using entrypoint 0.7 vs. 0.8?
• Considering removing P256 support and only doing webauthn, any implications?