Tadle

DeFiFoundry
27,750 USDC
Submission Details
Severity: low
Invalid

tillIn function in TokenManager does not refund the excess amount, causing stuck funds

Summary

The tillIn function in TokenManager takes the amount from msg.value when the wrappedNativeToken is used, but it does not refund any excess if the user sends more than _amount, expecting the surplus to be refunded or only the required amount to be consumed.

Vulnerability Details

The tillIn function in TokenManager has a block of code to process wrappedNativeToken. Unlike the adjacent code block, which pulls only the required amount from the token allowance, this block takes the whole msg.value and has no mechanism to return the excess to msg.sender.

This becomes more of an issue when the user does not want to compute the exact amount, including any added fees, on their own.

```solidity
if (_tokenAddress == wrappedNativeToken) {
    /**
     * @dev token is native token
     * @notice check msg value
     * @dev if msg value is less than _amount, revert
     * @dev wrap native token and transfer to capital pool
     */
    if (msg.value < _amount) { //@audit deposit the excess back
        revert Errors.NotEnoughMsgValue(msg.value, _amount);
    }
@>  IWrappedNativeToken(wrappedNativeToken).deposit{value: _amount}();
    _safe_transfer(wrappedNativeToken, capitalPoolAddr, _amount);
}
```

Impact

The excess funds of the user are permanently lost.

Tools Used

Manual analysis

Recommendations

Refund the excess msg.value to the sender (or require msg.value to equal _amount exactly).
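As an added example (not Tadle's TokenManager code), a minimal contract that reproduces the pattern described above next to two ways of closing it: an exact-match check and an explicit refund of the surplus. The IWrappedNativeToken interface, the contract name and the function names are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal WETH-style interface, assumed for this example.
interface IWrappedNativeToken {
    function deposit() external payable;
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Illustrative contract (not Tadle's TokenManager) showing the pattern
/// described in the finding and two ways to close it.
contract TillInExample {
    IWrappedNativeToken public immutable wrappedNative;
    address public immutable capitalPool;

    constructor(IWrappedNativeToken _wrappedNative, address _capitalPool) {
        wrappedNative = _wrappedNative;
        capitalPool = _capitalPool;
    }

    /// Pattern from the finding: only a sufficiency check. Any msg.value
    /// above _amount stays in this contract instead of returning to the sender.
    function tillInUnsafe(uint256 _amount) external payable {
        require(msg.value >= _amount, "not enough msg.value");
        wrappedNative.deposit{value: _amount}();
        require(wrappedNative.transfer(capitalPool, _amount), "transfer failed");
    }

    /// Fix A: require an exact match. Simplest, and it avoids making
    /// an outbound ETH call at all.
    function tillInExact(uint256 _amount) external payable {
        require(msg.value == _amount, "msg.value must equal amount");
        wrappedNative.deposit{value: _amount}();
        require(wrappedNative.transfer(capitalPool, _amount), "transfer failed");
    }

    /// Fix B: accept overpayment and refund the difference, as the
    /// recommendation suggests. The refund is the last external call.
    function tillInRefund(uint256 _amount) external payable {
        require(msg.value >= _amount, "not enough msg.value");
        wrappedNative.deposit{value: _amount}();
        require(wrappedNative.transfer(capitalPool, _amount), "transfer failed");
        uint256 excess = msg.value - _amount;
        if (excess > 0) {
            (bool ok, ) = msg.sender.call{value: excess}("");
            require(ok, "refund failed");
        }
    }
}
```

Fix A is the stricter choice for a deposit entry point, since a refund path adds an outbound call a caller can make revert; Fix B matches the report's recommendation when overpayment must be tolerated.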

Updates

Lead Judging Commences

0xnevi Lead Judge 12 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[invalid] finding-TokenManager-tillin-excess

Invalid, these are by default invalid based on CodeHawks [general guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). The check implemented is simply a sufficiency check; it is the user's responsibility to only send an appropriate amount of native tokens where amount == msg.value when native token is intended to be used as collateral (which will subsequently be deposited as wrapped token). All excess ETH can be rescued using the `Rescuable.sol` contract.

> Users sending ETH/native tokens
> If contracts allow users to send tokens accidentally.
