
fix: check if hook installed before emergency uninstall #175

Merged
merged 3 commits into from
Sep 23, 2024

Conversation

livingrockrises (Contributor) commented Sep 20, 2024

Problem:

The emergencyUninstallHook() function is meant to allow the account owner to remove a hook from the account (minus the pre and post checks on the hook).

It is an alternative to the uninstallModule() function, which offers hook checks on calls to uninstall any type of module.

A timelock has been placed to only allow the account to emergency-uninstall the hook after 1 day of placing an uninstall request. But emergencyUninstallHook() fails to check that the hook was actually installed.

This allows the timelock to be bypassed through the following steps:

1. Call emergencyUninstallHook() to place an uninstall request even before installing the hook => this records a timestamp corresponding to the hook address
2. After nearly a day has passed, install the hook and use it
3. Immediately call emergencyUninstallHook() to utilize the request that was placed before
4. As only a day has passed, the call will go through
5. The timelock has been effectively bypassed by the account

Solution:

uninstallModule() on Nexus.sol checks that the module they are trying to uninstall through the call is actually installed. Add the same check to emergencyUninstallHook().

Also replaced the event EmergencyHookUninstallRequest in reset case with EmergencyHookUninstallRequestReset (Cantina 59)
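As an added illustration (not Nexus.sol's own code), the following minimal Solidity contracts show the emergency-uninstall timelock described above with and without the installed-hook check. The single-hook storage slot, the per-hook request mapping, the 1-day delay, the 3-day reset window, the `HookAccountBase` / `VulnerableAccount` / `FixedAccount` names and the error names are all assumptions of this example, and the account's access control (who may call these functions) is left out so the timelock logic stands alone.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not Nexus.sol. Models an account that holds at most one hook
// and a per-hook emergency-uninstall request timestamp. Delay and reset window
// are assumed values for illustration only.
abstract contract HookAccountBase {
    uint256 public constant EMERGENCY_TIMELOCK = 1 days;
    uint256 public constant RESET_WINDOW = 3 days; // assumption: stale requests restart

    address internal hook; // address(0) when no hook is installed
    mapping(address => uint256) internal emergencyUninstallRequestedAt;

    event HookInstalled(address hook);
    event HookUninstalled(address hook);
    event EmergencyHookUninstallRequest(address hook, uint256 timestamp);
    event EmergencyHookUninstallRequestReset(address hook, uint256 timestamp);

    error HookNotInstalled(address hook);
    error HookAlreadyInstalled(address hook);
    error EmergencyTimeLockNotExpired();

    function installHook(address newHook) external {
        if (hook != address(0)) revert HookAlreadyInstalled(hook);
        hook = newHook;
        emit HookInstalled(newHook);
    }

    function isHookInstalled(address h) public view returns (bool) {
        return h != address(0) && hook == h;
    }

    // Shared timelock state machine, keyed only by the hook address:
    //  - no request yet            -> record a request
    //  - request older than 3 days -> reset it (emits the Reset event, as the PR does)
    //  - request at least 1 day old -> perform the uninstall
    //  - otherwise                 -> still locked
    function _processEmergencyUninstall(address h) internal {
        uint256 requestedAt = emergencyUninstallRequestedAt[h];
        if (requestedAt == 0) {
            emergencyUninstallRequestedAt[h] = block.timestamp;
            emit EmergencyHookUninstallRequest(h, block.timestamp);
        } else if (block.timestamp >= requestedAt + RESET_WINDOW) {
            emergencyUninstallRequestedAt[h] = 0;
            emit EmergencyHookUninstallRequestReset(h, block.timestamp);
        } else if (block.timestamp >= requestedAt + EMERGENCY_TIMELOCK) {
            delete emergencyUninstallRequestedAt[h];
            hook = address(0);
            emit HookUninstalled(h);
        } else {
            revert EmergencyTimeLockNotExpired();
        }
    }
}

// Before the fix: the request is recorded for any address, installed or not,
// so the 1-day wait can elapse before the hook is ever installed and the
// later uninstall call finds an already-ripe request.
contract VulnerableAccount is HookAccountBase {
    function emergencyUninstallHook(address h) external {
        _processEmergencyUninstall(h);
    }
}

// After the fix: every call, including the one that records the request,
// requires the hook to actually be installed. A request can therefore only
// start once the hook is live, and the full delay applies to it.
contract FixedAccount is HookAccountBase {
    function emergencyUninstallHook(address h) external {
        if (!isHookInstalled(h)) revert HookNotInstalled(h);
        _processEmergencyUninstall(h);
    }
}
```

The check sits in front of the state machine rather than only in the uninstall branch on purpose: the defect is that a timestamp can be written for a hook that is not installed, so guarding the request-recording path is what restores the delay. A test for the fix would install the hook, call `emergencyUninstallHook` once, advance time by one day, call again and assert the hook is gone, while a call made before installation must revert with `HookNotInstalled`.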

github-actions bot commented Sep 20, 2024

Changes to gas cost

Generated at commit: 07218814cd50fbff916800c21ab0a618418f5e5f, compared to commit: 63a37aa2849152afd73bbd0d1143942707533d79

🧾 Summary (5% most significant diffs): no method-level rows reported.

Full diff report (no per-method rows reported; deployment cost only):

Contract   Deployment Cost (+/-)
Nexus      4,850,086 (+10,374)

openzeppelin-code bot commented Sep 20, 2024

fix: check if hook installed before emergency uninstall

Generated at commit: c906e0d80a85e92d8af65cb2d65a58e71e10f9ee

🚨 Report Summary

Severity level   Critical   High   Medium   Low   Note   Total
Contracts               0      1        0     7     25      33

For more details view the full report in OpenZeppelin Code Inspector.

codecov bot commented Sep 20, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 94.86%. Comparing base (63a37aa) to head (2cfa270).
Report is 4 commits behind head on dev.

Additional details and impacted files
@@            Coverage Diff             @@
##              dev     #175      +/-   ##
==========================================
+ Coverage   94.58%   94.86%   +0.28%     
==========================================
  Files          14       14              
  Lines         720      721       +1     
  Branches      138      164      +26     
==========================================
+ Hits          681      684       +3     
+ Misses         39       37       -2     
Files with missing lines   Coverage Δ
contracts/Nexus.sol        96.09% <100.00%> (+1.60%) ⬆️

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data

Powered by Codecov. Last update 63a37aa...2cfa270.

🤖 Slither Analysis Report 🔎

THIS CHECKLIST IS NOT COMPLETE. Use --show-ignored-findings to show all the results.

Summary
🟡 unused-return (1 result) (Medium)

unused-return
🟡 Impact: Medium
🟡 Confidence: Medium
base/ERC7739Validator.sol#L176-L206

constable-states
Impact: Optimization
🔴 Confidence: High
base/RegistryAdapter.sol#L10
factory/RegistryFactory.sol#L39

This comment was automatically generated by the GitHub Actions workflow.

@livingrockrises livingrockrises merged commit 63f76d1 into dev Sep 23, 2024
8 checks passed
@livingrockrises livingrockrises deleted the fix/cantina-56 branch September 23, 2024 19:38