Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Invalid

Excess Ether received in TokenManager::tillIn() should be returned to the caller.

Summary

The TokenManager::tillIn(...) function accepts native tokens via the payable modifier if the tokenAddress is that of wrappedNativeToken.
The logic should return excess native tokens to the caller.

Vulnerability Details

Excess native tokens received in the TokenManager::tillIn(...) function will remain locked in the contract.

Impact

The user loses funds in small chunks, as the contract does not return excess funds.

Tools Used

Manual Review

Recommendations

The logic should return excess native tokens to the caller. The implementation should be reviewed across the places where the tillIn(...) function is called to ensure the original caller gets excess tokens back.

Updates

Lead Judging Commences

0xnevi Lead Judge over 1 year ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[invalid] finding-TokenManager-tillin-excess

Invalid. These are, by default, invalid based on the CodeHawks [general guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). The check implemented is simply a sufficiency check; it is the user's responsibility to only send an appropriate amount of native tokens, where amount == msg.value, when the native token is intended to be used as collateral (which will subsequently be deposited as wrapped token). All excess ETH can be rescued using the `Rescuable.sol` contract.

> Users sending ETH/native tokens
>
> If contracts allow users to send tokens accidentally.
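
The following sketch is an added example, not part of the submission, the judge's comment, or Tadle's code. It contrasts the sufficiency check discussed above with the two usual ways of handling overpayment. The contract, function, and error names are hypothetical; only `wrappedNativeToken` echoes a name from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical sketch for illustration; not Tadle's TokenManager.
interface IWrappedNative {
    function deposit() external payable;
}

contract NativeDepositSketch {
    IWrappedNative public immutable wrappedNativeToken;
    mapping(address => uint256) public credited;

    error InsufficientValue(uint256 sent, uint256 required);
    error ValueMismatch(uint256 sent, uint256 required);
    error RefundFailed();

    constructor(IWrappedNative wrapped) {
        wrappedNativeToken = wrapped;
    }

    // Sufficiency check only: anything above `amount` stays in this
    // contract's balance until someone with rescue rights withdraws it.
    function depositSufficient(uint256 amount) external payable {
        if (msg.value < amount) revert InsufficientValue(msg.value, amount);
        _wrapAndCredit(msg.sender, amount);
    }

    // Option 1: require an exact match, so an overpayment reverts.
    function depositExact(uint256 amount) external payable {
        if (msg.value != amount) revert ValueMismatch(msg.value, amount);
        _wrapAndCredit(msg.sender, amount);
    }

    // Option 2: accept an overpayment and send the difference back.
    // State is updated before the external calls (checks-effects-interactions).
    function depositWithRefund(uint256 amount) external payable {
        if (msg.value < amount) revert InsufficientValue(msg.value, amount);
        _wrapAndCredit(msg.sender, amount);
        uint256 excess = msg.value - amount;
        if (excess > 0) {
            (bool ok, ) = payable(msg.sender).call{value: excess}("");
            if (!ok) revert RefundFailed();
        }
    }

    function _wrapAndCredit(address user, uint256 amount) private {
        credited[user] += amount;
        wrappedNativeToken.deposit{value: amount}();
    }
}
```

In the refund variant, `msg.sender` is the immediate caller. When the deposit is reached through another contract, that contract must be able to receive the refund and forward it to the original user.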
