In several places in `PreMarkets.sol`, the excess ETH is not refunded to the user and is lost
Summary
In several places in PreMarkets.sol, the excess ETH is not refunded to the user and is lost
Vulnerability Details
When the user use createOffer(), listOffer(), relistOffer(), and _depositTokenWhenCreateTaker(), he should send ether. From there, it is called tokenManager.tillIn{value: msg.value}:
Here, we can only see if msg.value is sufficient, but there is no check if it is more than the exceeding value is to be returned to the user.
Impact
The excess ether is lost.
Tools Used
Visual Studio Code
Recommendations
Return the remaining ether to the user.
Lead Judging Commences
[invalid] finding-TokenManager-tillin-excess
Invalid, these are by default, invalid based on codehawks [general guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). The check implemented is simply a sufficiency check, it is users responsibility to only send an appropriate amount of native tokens where amount == msg.value when native token is intended to be used as collateral (which will subsequently be deposited as wrapped token). All excess ETH can be rescued using the `Rescuable.sol` contract. > Users sending ETH/native tokens > If contracts allow users to send tokens acc111identally.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.