CVE-2025-46834 Alchemy's Modular Account can use executeUserOp to bypass allowlist prevalidation hook
Alchemy's Modular Account is a smart contract account that is compatible with ERC-4337 and ERC-6900. In versions on the 2.x branch prior to commit 5e6f540d249afcaeaf76ab95517d0359fde883b0, owners of Modular Accounts can grant session keys scoped external keys to external parties and would use the...