
[Audit][M-03] Changing amount of account access is open to a sandwich attack #237

@antoncoding

Description


Severity: Medium
Description:
The BaseEngine contract has the option to allow any other entity to perform actions on its behalf. This is recorded with an amount of actions which is input. This leads to the typical allowance vulnerability where the allowance is set to x amount and then changed to a new amount.

Simple example where this could lead to an issue:

  • UserA has set UserB to 50 allowedExecutions
  • UserB already executed 5 times, making allowedExecution 45
  • UserA now wants to grant another 10 actions, sending a tx to adjust the number to 55
  • UserB front-runs UserA, spends the remaining 45 executions, and gets another 55 after the tx above is mined.
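The scenario above, replayed as an added model (not the project's code; the class and method names are assumptions) that contrasts an absolute "set to N" update with a relative increase/decrease update and counts how many actions UserB ends up performing in each case:

```python
# Added example modelling the allowance race in the issue; the class and
# method names below are assumptions, not the project's own API.
class BaseEngineModel:
    """Tracks how many executions an operator may still perform for an owner."""

    def __init__(self):
        self.allowed = {}  # (owner, operator) -> remaining executions

    def remaining(self, owner, operator):
        return self.allowed.get((owner, operator), 0)

    # Vulnerable pattern: overwrite the allowance with an absolute number.
    def set_allowed_executions(self, owner, operator, count):
        self.allowed[(owner, operator)] = count

    # Hardened pattern: adjust the allowance by a delta from its current value.
    def increase_allowed_executions(self, owner, operator, delta):
        self.allowed[(owner, operator)] = self.remaining(owner, operator) + delta

    def decrease_allowed_executions(self, owner, operator, delta):
        current = self.remaining(owner, operator)
        if delta > current:
            raise ValueError("cannot decrease below zero")
        self.allowed[(owner, operator)] = current - delta

    def execute(self, owner, operator, times=1):
        """Operator performs `times` actions; fails if not enough remain."""
        current = self.remaining(owner, operator)
        if times > current:
            raise PermissionError("allowance exceeded")
        self.allowed[(owner, operator)] = current - times
        return times


def simulate_sandwich(relative_update):
    """Replay the issue's scenario; return how many actions UserB performed."""
    engine = BaseEngineModel()
    total = 0
    engine.set_allowed_executions("UserA", "UserB", 50)  # A grants 50
    total += engine.execute("UserA", "UserB", 5)         # B uses 5, 45 left
    # A's "grant 10 more" tx is pending; B front-runs it and drains the rest.
    total += engine.execute("UserA", "UserB", engine.remaining("UserA", "UserB"))
    if relative_update:
        engine.increase_allowed_executions("UserA", "UserB", 10)  # A's tx mines
    else:
        engine.set_allowed_executions("UserA", "UserB", 55)       # A's tx mines
    # B back-runs and spends whatever the mined tx left.
    total += engine.execute("UserA", "UserB", engine.remaining("UserA", "UserB"))
    return total
```

With the absolute update UserB performs 105 actions although UserA only ever intended to grant 60; with the relative update the total is capped at 60 regardless of transaction ordering.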
