The current implementation (the `tillIn` function in the `TokenManager` contract) incorrectly handles the amount of native tokens (e.g., ETH) being wrapped and transferred to the capital pool. The function takes the entire `msg.value` (the ETH sent by the user) instead of only the desired `_amount`.

The code wraps the entire `msg.value` sent by the user, even if the amount of ETH sent by the user exceeds the `_amount` specified by the user.
https://github.com/Cyfrin/2024-08-tadle/blob/main/src/core/TokenManager.sol#L86-L90
Loss of funds for the user.
Manual review
Update the code-snippet as follows:
Invalid: these are invalid by default based on the CodeHawks [general guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). The check implemented is simply a sufficiency check; it is the user's responsibility to only send an appropriate amount of native tokens where `amount == msg.value` when the native token is intended to be used as collateral (which will subsequently be deposited as wrapped token). All excess ETH can be rescued using the `Rescuable.sol` contract.

> Users sending ETH/native tokens
> If contracts allow users to send tokens accidentally.
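The pattern the finding describes (a sufficiency check on `msg.value`, then wrapping and forwarding the whole `msg.value` rather than `_amount`) is shown below beside two hardened forms. This is an added illustrative contract written for this page; it is not Tadle's `TokenManager`, and the `IWrappedNative` interface, the `capitalPool` address, the `credited` ledger and the function names `tillInLoose`, `tillInStrict` and `tillInRefund` are all assumptions made for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical minimal WETH-style interface (assumption, not the project's own).
interface IWrappedNative {
    function deposit() external payable;
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Illustrative contract for the page; not the audited TokenManager.
contract NativeWrapExample {
    IWrappedNative public immutable wrappedNative;
    address public immutable capitalPool;
    // Ledger of what each user is credited for (constructed for the example).
    mapping(address => uint256) public credited;

    constructor(IWrappedNative _wrappedNative, address _capitalPool) {
        wrappedNative = _wrappedNative;
        capitalPool = _capitalPool;
    }

    /// Pattern described in the finding: a sufficiency check, after which the
    /// whole msg.value is wrapped and forwarded. Any surplus above _amount
    /// leaves the user's control without being credited to them, so recovering
    /// it depends on an out-of-band rescue path.
    function tillInLoose(uint256 _amount) external payable {
        require(msg.value >= _amount, "insufficient native value");
        wrappedNative.deposit{value: msg.value}();
        require(wrappedNative.transfer(capitalPool, msg.value), "transfer failed");
        credited[msg.sender] += _amount;
    }

    /// Hardened variant A: refuse any mismatch, so a mistaken msg.value reverts
    /// instead of being stranded in the pool.
    function tillInStrict(uint256 _amount) external payable {
        require(msg.value == _amount, "msg.value must equal _amount");
        wrappedNative.deposit{value: _amount}();
        require(wrappedNative.transfer(capitalPool, _amount), "transfer failed");
        credited[msg.sender] += _amount;
    }

    /// Hardened variant B: wrap only _amount and return the surplus to the
    /// sender in the same transaction. State is updated before the external
    /// refund call so the function follows checks-effects-interactions.
    function tillInRefund(uint256 _amount) external payable {
        require(msg.value >= _amount, "insufficient native value");
        wrappedNative.deposit{value: _amount}();
        require(wrappedNative.transfer(capitalPool, _amount), "transfer failed");
        credited[msg.sender] += _amount;
        uint256 surplus = msg.value - _amount;
        if (surplus > 0) {
            (bool ok, ) = msg.sender.call{value: surplus}("");
            require(ok, "refund failed");
        }
    }
}
```

Variant A is the smallest change and matches the judge's stated expectation that `amount == msg.value`, turning a user mistake into a revert rather than a rescue request; variant B tolerates over-sending but adds an external call, so it belongs behind a reentrancy guard if the surrounding contract has any state that a re-entering caller could observe mid-transaction.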