Incorrect error in cancel function of TimelockController.sol
Summary
The cancel function incorrectly uses the OperationAlreadyScheduled error instead of the OperationAlreadyExecuted error when validating whether an emergency action has already been executed. This leads to misleading error messages and potential misinterpretation of contract state by users or external systems.
Vulnerability Details
In the code snippet provided, the conditional check for whether an operation has been executed uses the OperationAlreadyScheduled error upon revert:
TimelockController.sol::cancel
However, the correct error to use in this context is OperationAlreadyExecuted(id). The OperationAlreadyScheduled error is likely intended for a different scenario (e.g., preventing duplicate scheduling of an operation), while OperationAlreadyExecuted should be thrown when an attempt is made to execute an already-completed emergency action. This mismatch creates inconsistency in error handling and may cause downstream systems to misinterpret the reason for the revert.
Impact
misleading errors
Tools Used
manual
Recommendations
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.