forge-multisig cancel() reads Threshold and Owners with unwrap() — will panic if instance storage has expired

## Summary
In `cancel()`, for non-proposer owners checking if the proposal is mathematically uncancellable:
```rust
let threshold: u32 = env.storage().instance().get(&DataKey::Threshold).unwrap();
let owners: Vec<Address> = env.storage().instance().get(&DataKey::Owners).unwrap();
```

Both use `.unwrap()` which will panic if instance storage has expired (TTL exhausted). This is the same pattern flagged in issue #145 for `propose()` and `approve()`. Unlike `execute()` which was fixed with `extend_ttl`, `cancel()` does not call `extend_ttl`.

## Tasks
- [ ] Replace `.unwrap()` on `DataKey::Threshold` with `.ok_or(MultisigError::NotInitialized)?`
- [ ] Replace `.unwrap()` on `DataKey::Owners` with `.ok_or(MultisigError::NotInitialized)?`
- [ ] Add `env.storage().instance().extend_ttl(17280, 34560)` at the end of `cancel()` on success
- [ ] Do an audit of all remaining `.unwrap()` calls on instance storage reads across all contracts
- [ ] Add a test verifying `cancel()` returns `NotInitialized` rather than panicking when storage is missing

**Labels:** `bug`, `forge-multisig`, `security`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

forge-multisig cancel() reads Threshold and Owners with unwrap() — will panic if instance storage has expired #332

Summary

Tasks

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

forge-multisig cancel() reads Threshold and Owners with unwrap() — will panic if instance storage has expired #332

Description

Summary

Tasks

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions