A user sending native tokens via the `tillIn()` function in `TokenManager.sol` could lose funds if they send an amount greater than the amount specified in the argument.
https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/TokenManager.sol#L56

The `tillIn()` function checks whether the amount sent is greater than or equal to the amount specified; if not, it reverts. But if the amount sent is greater than the amount specified (`msg.value > amount`), the function accounts for `amount` and not `msg.value`, even though `msg.value` is what was actually sent. This means that `msg.value - amount` is lost for the user.

https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/TokenManager.sol#L86-L90

We can see below that `_amount` is used but `msg.value` is sent:
Loss of user funds when sending native tokens.
VisualCode, Foundry.
The function should check that `msg.value` is equal to the amount specified in the argument before accepting the transaction, or accept `msg.value > amount` but refund the difference (`msg.value - amount`). Or, at least, use `msg.value` in `deposit()` and `_safe_transfer()` instead of `_amount`:
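As an added illustration (not the Tadle code base's own, which the finding does not reproduce here), the following Solidity file shows a minimal manager contract with the sufficiency-check pattern described above beside two hardened variants (an exact-match check, and a refund of the excess), plus a Foundry test that makes the stranded balance visible. The `TillInExample` contract, the `IWrappedNative` interface, the `MockWrappedNative` mock, the `balanceOf` bookkeeping and all other names are assumptions; only the `msg.value >= amount` check pattern comes from the finding.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Assumed interface: native tokens are wrapped on deposit (assumption, not Tadle code).
interface IWrappedNative {
    function deposit() external payable;
}

// Illustrative reconstruction of the pattern in the finding; not the Tadle TokenManager.
contract TillInExample {
    IWrappedNative public immutable wrappedNative;
    mapping(address => uint256) public balanceOf; // collateral credited per user (assumption)

    error InsufficientValue(uint256 sent, uint256 required);
    error ValueMismatch(uint256 sent, uint256 required);
    error RefundFailed();

    constructor(IWrappedNative _wrappedNative) {
        wrappedNative = _wrappedNative;
    }

    // Vulnerable pattern: a sufficiency check only. Only `_amount` is wrapped and
    // credited, so `msg.value - _amount` stays as raw native balance in this contract.
    function tillInVulnerable(uint256 _amount) external payable {
        if (msg.value < _amount) revert InsufficientValue(msg.value, _amount);
        wrappedNative.deposit{value: _amount}();
        balanceOf[msg.sender] += _amount;
    }

    // Hardened option 1: require that msg.value matches the argument exactly.
    function tillInExact(uint256 _amount) external payable {
        if (msg.value != _amount) revert ValueMismatch(msg.value, _amount);
        wrappedNative.deposit{value: _amount}();
        balanceOf[msg.sender] += _amount;
    }

    // Hardened option 2: accept msg.value > _amount but refund the difference,
    // after all state changes (checks-effects-interactions).
    function tillInRefund(uint256 _amount) external payable {
        if (msg.value < _amount) revert InsufficientValue(msg.value, _amount);
        wrappedNative.deposit{value: _amount}();
        balanceOf[msg.sender] += _amount;
        uint256 excess = msg.value - _amount;
        if (excess > 0) {
            (bool ok, ) = msg.sender.call{value: excess}("");
            if (!ok) revert RefundFailed();
        }
    }

    // Raw native balance left in the manager; nonzero after tillInVulnerable with excess.
    function strandedNative() external view returns (uint256) {
        return address(this).balance;
    }
}

// Minimal wrapped-native mock (constructed for the test).
contract MockWrappedNative is IWrappedNative {
    mapping(address => uint256) public balanceOf;

    function deposit() external payable {
        balanceOf[msg.sender] += msg.value;
    }
}

contract TillInExampleTest is Test {
    MockWrappedNative internal weth;
    TillInExample internal mgr;
    address internal user = makeAddr("user");

    function setUp() public {
        weth = new MockWrappedNative();
        mgr = new TillInExample(weth);
        vm.deal(user, 10 ether);
    }

    function test_vulnerableStrandsExcess() public {
        vm.prank(user);
        mgr.tillInVulnerable{value: 2 ether}(1 ether);
        assertEq(mgr.balanceOf(user), 1 ether); // only the argument is credited
        assertEq(mgr.strandedNative(), 1 ether); // the difference is stuck in the manager
    }

    function test_refundReturnsExcess() public {
        vm.prank(user);
        mgr.tillInRefund{value: 2 ether}(1 ether);
        assertEq(mgr.balanceOf(user), 1 ether);
        assertEq(mgr.strandedNative(), 0);
        assertEq(user.balance, 9 ether); // 2 ether sent, 1 ether refunded
    }

    function test_exactRejectsMismatch() public {
        vm.prank(user);
        vm.expectRevert(
            abi.encodeWithSelector(TillInExample.ValueMismatch.selector, 2 ether, 1 ether)
        );
        mgr.tillInExact{value: 2 ether}(1 ether);
    }
}
```

Run with `forge test` from a Foundry project that has `forge-std` installed. The exact-match variant is the simplest fix and surfaces mistakes at the call site; the refund variant keeps the sufficiency check but sends the excess back after state is updated, so a reverting refund cannot leave a partially credited deposit.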
Invalid, these are by default invalid based on CodeHawks [general guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). The check implemented is simply a sufficiency check; it is the user's responsibility to only send an appropriate amount of native tokens where `amount == msg.value` when native token is intended to be used as collateral (which will subsequently be deposited as wrapped token). All excess ETH can be rescued using the `Rescuable.sol` contract.

> Users sending ETH/native tokens
> If contracts allow users to send tokens accidentally.