## Implementation destruction risk **Severity**: Critical Context: [`Implementation.sol#L17`](https://github.com/spearbit-audits/writing-exercise/blob/de45a4c5b654710812e9fa29dde6e12526fe4786/contracts/Implementation.sol#L17) The Implementation contract's functions can be called directly by anyone (without going through the proxy). It is particularly problematic in the case of `delegatecallContract(...)`, because it delegatecalls any user-provided address, which might contain malicious code that will execute in the context of the deployed Implementation contract. Most notably, the malicious callee might selfdestruct Implementation, leaving all users of the wallet protocol with unusable wallets, much like in the second Parity wallet hack. **Recommendation**: The issue can be avoided by leveraging the concept of Library, which is a special kind of solidity contract that among other peculiarities can only be called via delegatecalls, thereby negating the vulnerability described above. Switching the keyword `contract` for `library` and removing the two `payable` keywords (because libraries can't receive ETH), is a sufficient and complete fix.