Biconomy: Nexus
The Nexus account storage could be changed maliciously because of delegatecall and arbitrary bootstrap address in `initializeAccount`
Lead Judging Commences
finding-front-running-initializeAccount
Invalid, - Checked [here](https://github.com/rhinestonewtf/sentinellist/blob/6dff696f39fb55bfdde9581544d788932f145e47/src/SentinelList.sol#L30-L32) based on `SentinelListLib` used as dependencies as seen [here](https://github.com/Cyfrin/2024-07-biconomy/blob/9590f25cd63f7ad2c54feb618036984774f3879d/contracts/interfaces/base/IStorage.sol#L34-L35). Contract cannot be reinitialized - front-running initializers invalid per [codehawks guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid)
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Community Judging
Submissions are being reviewed by the community.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.