Certora (https://www.certora.com/).
The final audit was performed on commit 8a906605010520bed5b532c9d2feb04fdf237832.
There is one acknowledged finding from the audit report:
- I-01: EVM Version Shanghai may not work on other chains due to PUSH0
We explicitly set the EVM version targeted by the Solidity compiler to paris to avoid emitting PUSH0 opcodes and increase compatibility across L2s.
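One way to check compiled output for the I-01 concern, as an added example that is not part of the audited repository: a linear scan of EVM bytecode for PUSH0 (0x5f) that skips PUSH1..PUSH32 immediates and the trailing CBOR metadata. The function names and sample bytecode are constructed for illustration, and the metadata detection is a heuristic.

```python
PUSH0 = 0x5F
PUSH1, PUSH32 = 0x60, 0x7F


def strip_cbor_metadata(code: bytes) -> bytes:
    """Drop the CBOR metadata solc appends (its last two bytes give its length).

    Heuristic: only strip when the length fits and the region starts with a
    CBOR map header (0xa0..0xb7); otherwise return the code unchanged.
    """
    if len(code) < 2:
        return code
    n = int.from_bytes(code[-2:], "big")
    start = len(code) - n - 2
    if n > 0 and start >= 0 and 0xA0 <= code[start] <= 0xB7:
        return code[:start]
    return code


def find_push0(hex_code: str, strip_metadata: bool = True) -> list[int]:
    """Return byte offsets where 0x5f is decoded as an opcode, not PUSH data.

    Linear sweep only: data embedded in the code section (for example
    constructor arguments) can still produce false positives.
    """
    code = bytes.fromhex(hex_code.removeprefix("0x"))
    if strip_metadata:
        code = strip_cbor_metadata(code)
    hits, i = [], 0
    while i < len(code):
        op = code[i]
        if op == PUSH0:
            hits.append(i)
        elif PUSH1 <= op <= PUSH32:
            i += op - PUSH1 + 1  # skip the 1..32 immediate bytes
        i += 1
    return hits


if __name__ == "__main__":
    # Constructed samples: the same prologue zeroing with PUSH1 0x00 vs PUSH0.
    paris_style = "6080604052600080fd"
    shanghai_style = "60806040525f80fd"
    for name, code in (("paris", paris_style), ("shanghai", shanghai_style)):
        offsets = find_push0(code)
        print(name, "PUSH0 at", offsets if offsets else "none")
```
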
The vendored FreshCryptoLib library, which implements the Solidity-based secp256r1 verification, was not included in this audit. However, the contracts are used in other audited smart wallets, such as the Coinbase Smart Wallet's webauthn-sol implementation. The Daimo P-256 verifier has been previously audited and is compatible with the Safe WebAuthn signer contracts.
SafeWebAuthnSharedSigner contract has not been audited