Tadle

DeFi
30,000 USDC
Submission Details
Severity: low
Invalid

Users unable to recover excess ether sent during transaction

Summary

PreMarktes.sol - When a user calls createOffer, createTaker, listOffer or relistOffer and sends more ether (msg.value) than the amount required, the excess is not returned and is effectively gone.

Vulnerability Details

The protocol has no functionality to return excess ether when a user calls any of the functions createOffer, createTaker, listOffer or relistOffer with a msg.value above the required amount; the value check is only a sufficiency check, so the surplus simply remains in the contract. In addition, the protocol does not expose any external function that would let a user determine in advance the amount of ether required for an offer or order.

Impact

Loss of funds for users who mistakenly send excess ether, especially those who interact with the protocol from their own smart contracts rather than through the UI offered by tadle.com, since such integrators have no on-chain way to query the exact amount required.

Tools Used

Manual Review

Recommendations

In the functions createOffer, createTaker, listOffer and relistOffer, add a mechanism to send back to the user the difference between msg.value and the amount actually used (or, alternatively, revert unless msg.value equals the required amount), and expose a view function that returns the required native amount so integrating contracts can compute msg.value before calling.
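As an added illustration (example code, not Tadle's own contracts), the following minimal contract shows the sufficiency-only pattern described in this finding beside the two fixes the recommendation suggests. The contract name, the `quoteRequired` view, the hypothetical fee constant and the `collateral` mapping are all assumptions chosen to make the example self-contained; Tadle's real offer functions compute the required amount differently.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative example, not Tadle's code. FEE_BPS, quoteRequired() and the
// collateral mapping are assumptions used only to show the pattern where the
// required native amount is computed inside the call.
contract NativeCollateralExample {
    uint256 public constant FEE_BPS = 50; // hypothetical 0.5% platform fee
    mapping(address => uint256) public collateral;

    error InsufficientValue(uint256 required, uint256 sent);
    error ExactValueRequired(uint256 required, uint256 sent);
    error RefundFailed();

    // Exposes the amount a caller must send, so an integrating contract (not
    // only the web UI) can compute msg.value before calling.
    function quoteRequired(uint256 amount) public pure returns (uint256) {
        return amount + (amount * FEE_BPS) / 10_000;
    }

    // Pattern described in the finding: a sufficiency check only. Anything
    // above `required` is credited to nobody and stays in the contract.
    function depositSufficiencyOnly(uint256 amount) external payable {
        uint256 required = quoteRequired(amount);
        if (msg.value < required) revert InsufficientValue(required, msg.value);
        collateral[msg.sender] += amount;
        // msg.value - required is silently retained by the contract
    }

    // Fix A: reject anything but the exact amount. Simplest and safest for
    // contract callers, because no value is ever sent back to them.
    function depositExact(uint256 amount) external payable {
        uint256 required = quoteRequired(amount);
        if (msg.value != required) revert ExactValueRequired(required, msg.value);
        collateral[msg.sender] += amount;
    }

    // Fix B: accept overpayment and return the difference. State is updated
    // before the external call (checks-effects-interactions), so a reentrant
    // receive() on the caller sees the deposit already recorded.
    function depositWithRefund(uint256 amount) external payable {
        uint256 required = quoteRequired(amount);
        if (msg.value < required) revert InsufficientValue(required, msg.value);
        collateral[msg.sender] += amount;
        uint256 excess = msg.value - required;
        if (excess > 0) {
            (bool ok, ) = msg.sender.call{value: excess}("");
            if (!ok) revert RefundFailed();
        }
    }
}
```

Of the two fixes, the strict-equality check (Fix A) is the one that matches the judge's framing of `amount == msg.value`, and it avoids handing control to the caller during the deposit. The refund variant (Fix B) is friendlier to EOAs but fails closed for a calling contract that cannot receive ether, which is the right outcome: the whole transaction reverts rather than leaving the surplus stranded.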

Updates

Lead Judging Commences

0xnevi Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[invalid] finding-TokenManager-tillin-excess

Invalid, these are by default invalid based on codehawks [general guidelines](https://docs.codehawks.com/hawks-auditors/how-to-determine-a-finding-validity#findings-that-may-be-invalid). The check implemented is simply a sufficiency check; it is the user's responsibility to only send an appropriate amount of native tokens where amount == msg.value when the native token is intended to be used as collateral (which will subsequently be deposited as wrapped token). All excess ETH can be rescued using the `Rescuable.sol` contract.

> Users sending ETH/native tokens
> If contracts allow users to send tokens accidentally.

Appeal created

0xnevi Lead Judge 9 months ago
Submission Judgement Published
Invalidated
Reason: Known issue
Assigned finding tags:

[invalid] finding-TokenManager-tillin-excess