code-423n4 / 2022-01-openleverage-findings


Missing check on existing txhash #253

Closed code423n4 closed 2 years ago

code423n4 commented 2 years ago

Handle

Tomio

Vulnerability details

Impact

There is no check to make sure that the admin is canceling the correct txhash or an existing txhash; therefore, an admin can accidentally delete a nonexisting txhash, which will not revert.

Proof of Concept

https://github.com/code-423n4/2022-01-openleverage/blob/main/openleverage-contracts/contracts/gov/Timelock.sol#L102

Tools Used

Recommended Mitigation Steps

add:

require(queuedTransactions[txHash]);

ColaM12 commented 2 years ago

There is no risk in deleting a nonexisting txhash, but there is a gas cost for the validation.

0xleastwood commented 2 years ago

Agree, this contract is pretty standard already and this seems superfluous.
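
Because the cancel discussed in this issue does not revert for an unknown txhash, a cancel that cleared nothing can only be noticed off-chain. The following Python sketch is an added example, not part of the original issue or the OpenLeverage code: it replays a constructed list of timelock admin actions and reports such cancels. The action labels, the sample hashes and the assumption that execution clears the queued flag are illustrative.

```python
# Added example: replay timelock admin actions and flag cancels that cleared nothing.
# Events are constructed sample data in the form (action, tx_hash).

def audit_cancels(events):
    """Replay (action, tx_hash) events in order.

    Returns (noop_cancels, still_queued):
      noop_cancels - (index, tx_hash, reason) for each cancel whose hash was
                     not queued at that moment
      still_queued - sorted hashes that remain queued after the replay
    """
    queued = set()    # mirrors queuedTransactions[txHash] == true
    cleared = {}      # tx_hash -> why it is no longer queued
    noop_cancels = []
    for index, (action, tx_hash) in enumerate(events):
        if action == "queue":
            queued.add(tx_hash)
        elif action == "execute":
            # Assumption: a successful execution clears the queued flag.
            queued.discard(tx_hash)
            cleared[tx_hash] = "already executed"
        elif action == "cancel":
            if tx_hash in queued:
                queued.remove(tx_hash)
                cleared[tx_hash] = "already cancelled"
            else:
                # On-chain this call succeeds; nothing was actually cancelled.
                reason = cleared.get(tx_hash, "never queued")
                noop_cancels.append((index, tx_hash, reason))
        else:
            raise ValueError(f"unknown action: {action!r}")
    return noop_cancels, sorted(queued)


# Constructed sample: shortened placeholder hashes, not real transaction hashes.
SAMPLE_EVENTS = [
    ("queue", "0xaaa1"),
    ("queue", "0xbbb2"),
    ("cancel", "0xaaa7"),   # mistyped 0xaaa1: clears nothing
    ("execute", "0xbbb2"),
    ("cancel", "0xbbb2"),   # cancel after execution
    ("queue", "0xccc3"),
    ("cancel", "0xccc3"),
    ("cancel", "0xccc3"),   # repeated cancel
]

if __name__ == "__main__":
    noops, remaining = audit_cancels(SAMPLE_EVENTS)
    for index, tx_hash, reason in noops:
        print(f"event {index}: cancel of {tx_hash} cleared nothing ({reason})")
    print("still queued:", remaining)
```

In the sample, the mistyped cancel leaves `0xaaa1` queued, which is the case an operator would want surfaced.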