+
+ At the moment of writing (Starknet 0.13.2), two critical validations must happen in __execute__ , and their absence can lead to draining of the account’s funds:
+
+
+ (1) assert!(get_caller_address().is_zero())
+
+
+ This asserts that the account’s __execute__ is not called from another contract, thus skipping validations (in later versions we may disallow calling execute from another contract at the protocol level)
+
+
+ (2) assert!(get_tx_info().unbox().version.into() >= 1_u32)
+
+
+ This asserts that the transaction’s version is at least 1, preventing the account from accepting INVOKE v0 transactions. It is critical to explicitly disallow the deprecated v0 transaction type, as v0 transactions assume that the signature verification happens in __execute__ , and are thus skipping __validate__ entirely.
+
+ |
+