Closed code423n4 closed 2 years ago
Tomio
There is no check to make sure that the admin is canceling the correct txhash or an existing txhash; therefore, an admin can accidentally delete a nonexisting txhash, which will not revert.
https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/gov/Timelock.sol#L102
add:

```solidity
// Revert when txHash is not currently queued
require(queuedTransactions[txHash]);
```
There is no risk in deleting a nonexisting txhash, but there is a gas cost for the validation.
Agree, this contract is pretty standard already and this seems superfluous.
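A minimal Solidity sketch of the two behaviours discussed in this thread, added here as an example and not taken from the OpenLeverage repository. The contract name, `cancelUnchecked`, `cancelChecked`, the simplified events and the hash-only cancel signature are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added illustration, not the OpenLeverage Timelock. All names are assumptions.
contract TimelockCancelSketch {
    address public admin;
    mapping(bytes32 => bool) public queuedTransactions;

    event QueueTransaction(bytes32 indexed txHash);
    event CancelTransaction(bytes32 indexed txHash);

    constructor() {
        admin = msg.sender;
    }

    modifier onlyAdmin() {
        require(msg.sender == admin, "caller is not admin");
        _;
    }

    function queueTransaction(address target, uint256 value, bytes calldata data, uint256 eta)
        external
        onlyAdmin
        returns (bytes32 txHash)
    {
        txHash = keccak256(abi.encode(target, value, data, eta));
        queuedTransactions[txHash] = true;
        emit QueueTransaction(txHash);
    }

    // Behaviour described in the report: any hash is accepted and nothing reverts.
    function cancelUnchecked(bytes32 txHash) external onlyAdmin {
        queuedTransactions[txHash] = false; // state is unchanged if txHash was never queued
        emit CancelTransaction(txHash);     // event is emitted even for an unknown hash
    }

    // The report's recommendation: one extra storage read, revert on an unknown hash.
    function cancelChecked(bytes32 txHash) external onlyAdmin {
        require(queuedTransactions[txHash], "transaction is not queued");
        queuedTransactions[txHash] = false;
        emit CancelTransaction(txHash);
    }
}
```

In this sketch, both variants leave `queuedTransactions` in the same state for an unknown hash; the checked one only turns the mistaken call into a visible revert at the cost of the additional read.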