Potential Loss of Funds Due to Excess ETH Not Being Refunded
Summary
A vulnerability in the TokenManager contract may cause users to lose excess ETH that is not refunded. This issue arises when the input _amount is controlled by the PreMarkets and DeliveryPlace contracts, which might require users to send more ETH than necessary due to factors such as price slippage, math rounding, or rate changes.
Vulnerability Details
Found in src/core/TokenManager.sol at Line 86
@>: Excess ETH might not be refunded. The input
_amountis controlled via thePreMarketsandDeliveryPlacecontracts, so it might require the user to send more ETH than required due to price slippage, math rounding, rate change, etc.
Impact
Users might lose their funds if the excess ETH is not refunded. This could lead to a significant loss of trust in the protocol and financial loss for users.
Tools Used
Manual Review
Recommendations
Implement a mechanism to send back the excess ETH (msg.value - _amount) to the original sender (marketInfo.authority) to prevent any potential loss of funds.
Lead Judging Commences
[invalid] finding-TokenManager-tillin-excess
Invalid, these are by default, invalid based on codehawks [general guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). The check implemented is simply a sufficiency check, it is users responsibility to only send an appropriate amount of native tokens where amount == msg.value when native token is intended to be used as collateral (which will subsequently be deposited as wrapped token). All excess ETH can be rescued using the `Rescuable.sol` contract. > Users sending ETH/native tokens > If contracts allow users to send tokens acc111identally.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.