Summary
The most critical subjects covered in our audit are functional correctness and access control. Security regarding all the aforementioned subjects is high. Our most important finding is Transient validator variable override, which allows some checks to be bypassed as described in the issue. Unit testing is minimal; deeper testing would likely have revealed this issue and might help to uncover other issues.
The general subjects covered are code EIP compliance, error handling, and correct integration. Security regarding all these subjects is high.
In summary, we find that the codebase currently provides a high level of security, but we recommend improving the tests to increase confidence.
It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don't replace other vital measures to secure a project.
About Gelato Smart Wallet
Gelato implements an EIP-7702-compatible Delegation smart wallet that also supports full account abstraction via EIP-4337, allowing an externally-owned account (EOA) to delegate control to smart-contract logic while retaining the same address.
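Because a delegated EOA keeps its original address, the only on-chain evidence that it now executes smart-contract logic is its account code, which under EIP-7702 is the 23-byte delegation designator `0xef0100 || delegate_address`. The following is an added example (not Gelato's code and not part of the audited codebase) that a reviewer or monitoring job can use to tell plain EOAs, delegated EOAs and ordinary contracts apart from their code bytes; the delegate address and bytecode samples are constructed placeholders.

```python
"""Added example (not Gelato's code): recognise an EIP-7702 delegation designator."""
from __future__ import annotations

# EIP-7702 delegation indicator: code is exactly 0xef0100 followed by a 20-byte address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")
DESIGNATOR_LENGTH = len(DELEGATION_PREFIX) + 20


def delegation_target(account_code: bytes) -> str | None:
    """Return the hex address the EOA delegates to, or None if the code is not a designator.

    Empty code, ordinary contract bytecode, and truncated or over-long
    designators are all rejected, so a stray 0xef0100 prefix inside a
    longer byte string is not mistaken for a delegation.
    """
    if len(account_code) != DESIGNATOR_LENGTH:
        return None
    if not account_code.startswith(DELEGATION_PREFIX):
        return None
    return "0x" + account_code[len(DELEGATION_PREFIX):].hex()


def classify_account(account_code: bytes) -> str:
    """Label an account as 'eoa', 'delegated-eoa' or 'contract' for review or monitoring."""
    if not account_code:
        return "eoa"
    if delegation_target(account_code) is not None:
        return "delegated-eoa"
    return "contract"


# Constructed sample inputs (placeholder delegate address, not a real deployment).
SAMPLE_DELEGATE = bytes.fromhex("11" * 20)
SAMPLE_DELEGATED_CODE = DELEGATION_PREFIX + SAMPLE_DELEGATE
SAMPLE_CONTRACT_CODE = bytes.fromhex("6080604052")  # typical Solidity prologue, constructed

if __name__ == "__main__":
    samples = [
        ("empty", b""),
        ("delegated", SAMPLE_DELEGATED_CODE),
        ("contract", SAMPLE_CONTRACT_CODE),
    ]
    for label, code in samples:
        print(label, classify_account(code), delegation_target(code))
```

In practice the `account_code` argument would come from an `eth_getCode` call for the address under review; comparing the returned delegate against an allowlist of audited implementation contracts is the natural follow-up check.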