If `msg.value` exceeds `_amount`, the user will suffer a loss
Summary
In the tillIn() function, if msg.value is greater than the specified _amount, the user will incur a loss of msg.value - _amount.
Vulnerability Details
In the tillIn() function, if _tokenAddress == wrappedNativeToken, the protocol converts msg.value to WETH and then transfers it to capitalPoolAddr.
Note that the protocol only converts the amount specified in the parameters to WETH. If msg.value is greater than _amount, the user will incur a loss.
Impact
The user may incur a loss
Tools Used
Recommendations
The recommended fix is to validate that msg.value equals _amount.
Lead Judging Commences
[invalid] finding-TokenManager-tillin-excess
Invalid, these are by default, invalid based on codehawks [general guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). The check implemented is simply a sufficiency check, it is users responsibility to only send an appropriate amount of native tokens where amount == msg.value when native token is intended to be used as collateral (which will subsequently be deposited as wrapped token). All excess ETH can be rescued using the `Rescuable.sol` contract. > Users sending ETH/native tokens > If contracts allow users to send tokens acc111identally.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.