
Calls to arbitrary external addresses

The contract performs calls to arbitrary external addresses for multiple reasons. While this is required in some contexts (e.g., working with any token contract without maintaining an allowlist) and we could not identify any exploitable vulnerability, we suggest allowlisting the addresses to which external calls are performed. In particular, it might be worthwhile to consider allowlisting the addresses of known executors, given their extremely sensitive role.
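One way to implement the executor allowlist suggested above, shown as an added example that is not code from the audited contract or from the report. The contract name, the `IExecutor` interface, and all function names are hypothetical; the code-hash pinning goes one step beyond the recommendation in the text.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical executor interface, assumed for this example only.
interface IExecutor {
    function execute(bytes calldata path, uint256 amountIn) external;
}

// Hypothetical router that only calls executors approved by the owner.
contract AllowlistedRouter {
    address public immutable owner;

    // Executor address => code hash recorded when it was approved.
    // bytes32(0) means "not approved".
    mapping(address => bytes32) public approvedCodehash;

    event ExecutorApproved(address indexed executor, bytes32 codehash);
    event ExecutorRevoked(address indexed executor);

    error NotOwner();
    error NotAContract(address executor);
    error ExecutorNotApproved(address executor);

    constructor() {
        owner = msg.sender;
    }

    modifier onlyOwner() {
        if (msg.sender != owner) revert NotOwner();
        _;
    }

    function approveExecutor(address executor) external onlyOwner {
        // Refuse EOAs and undeployed addresses: code could appear there later.
        if (executor.code.length == 0) revert NotAContract(executor);
        approvedCodehash[executor] = executor.codehash;
        emit ExecutorApproved(executor, executor.codehash);
    }

    function revokeExecutor(address executor) external onlyOwner {
        delete approvedCodehash[executor];
        emit ExecutorRevoked(executor);
    }

    function route(address executor, bytes calldata path, uint256 amountIn) external {
        bytes32 pinned = approvedCodehash[executor];
        // Explicit zero check: the codehash of a nonexistent account is also zero.
        if (pinned == bytes32(0) || executor.codehash != pinned) revert ExecutorNotApproved(executor);
        IExecutor(executor).execute(path, amountIn);
    }
}
```

The code-hash comparison detects different code at an approved address; it does not detect an approved proxy whose implementation is changed, so upgradeable executors need their upgrade authority reviewed separately.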

Zellic © 2024