Overpayments of wrapped native tokens using `TokenManager::tillIn` are not handled by the protocol.
Description
TokenManager::tillIn accepts payments in wrapped native tokens, but it seems that possible overpayments are not returned to the msg.sender and even possibly looked up in the TokenManager contract.
The TokenManager::tillIn function is called with msg.value specifically in the PreMarkets.sol contract, while e.g. the collateral is transferred to the TokenManager contract via PreMarkets::createOffer, which is then transferred to the CapitalPool.sol, and in a few other cases. Here is an example from PreMarkets::createOffer (https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/PreMarkets.sol#L86-L101):
Overpayments should be handled in an appropriate manner so that the overpaid funds can be returned to msg.sender and not be looked up in the TokenManager contract.
The TokenManager::tillIn function checks in line 86 (https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/TokenManager.sol#L86) that the caller has provided an amount of wrapped native tokens (msg.value) greater than or equal to the value of the TokenManager::tillIn function parameter _amount at the time of execution:
However, the audited contracts lack the functionality to refund the msg.sender in case of a possible overpayment. Instead, it appears that the overpayment amounts will accrue to the TokenManager contract balance.
Impact
The absence of a refund mechanism for overpayments in the TokenManager::tillIn function could lead to users losing funds. If the amount sent (msg.value) exceeds the required transfer amount, the excess funds remain locked within the contract without being utilized or accessible to the user. This could discourage user participation due to the risk of financial loss and might require users to rely on additional external processes to recover their overpaid amounts, creating a poor user experience.
Tools used
manual review, vscode
Recommended Mitigation
To address the issue of potential overpayments in TokenManager::tillIn, consider implementing the following mitigation strategies:
Calculate and refund overpayment amounts to
msg.senderinTokenManager.sol.As a possible solution alternative, consider implementing a check for an exact match between
msg.valueand_amountusing the conditionif (msg.value != _amount)in theTokenManager::tillInfunction. If these values do not match, revert the transaction to prevent both underpayments and overpayments. However, ensure that this approach is compatible with all intended use cases for the contract.
Lead Judging Commences
[invalid] finding-TokenManager-tillin-excess
Invalid, these are by default, invalid based on codehawks [general guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). The check implemented is simply a sufficiency check, it is users responsibility to only send an appropriate amount of native tokens where amount == msg.value when native token is intended to be used as collateral (which will subsequently be deposited as wrapped token). All excess ETH can be rescued using the `Rescuable.sol` contract. > Users sending ETH/native tokens > If contracts allow users to send tokens acc111identally.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.