No mechanism to refund excess `msg.value` in the function `collectCreationFee()`
oxchryston
medium
Summary
If users pass an amount greater than the `creationFee` as `msg.value`, there is no mechanism to return the excess amount to the user.
Vulnerability Detail
A user calls `publish()`, which is payable, to publish a new work in an edition. The function then invokes the FeeManager, calling `collectCreationFee()` to collect the creation fee for publishing the work. `collectCreationFee()` calls `getCreationFee()`, which returns the asset (ETH) and the amount (`protocolCreationFee`). The issue is that when the user passes a value greater than `protocolCreationFee`, the excess is not refunded, because there is no mechanism for refunding it.
Impact
Users will be unable to get their excess assets back.
Code Snippet
https://github.com/sherlock-audit/2024-04-titles/blob/main/wallflower-contract-v2/src/fees/FeeManager.sol#L166
Tool used
Manual Review
Recommendation
Implement the `refundExcess()` function used in Edition.sol here as well, so that users automatically get their excess amount back.
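As an added illustration, not the TITLES code: a sketch in which contract names, function shapes and the `address(0)` sentinel for ETH are assumptions. It shows the reported forwarding shape (every wei sent is passed to the FeeManager and kept) beside a publish path that forwards exactly the quoted fee and refunds the remainder to the caller.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative sketch only; contract and function shapes are assumptions,
// not the TITLES FeeManager / Edition code. address(0) stands for ETH.
contract FeeManagerSketch {
    uint256 public protocolCreationFee = 0.01 ether;
    address payable public protocolRecipient;

    constructor(address payable recipient_) { protocolRecipient = recipient_; }

    // Mirrors the reported shape: returns the fee asset (ETH) and the amount.
    function getCreationFee() external view returns (address asset, uint256 amount) {
        return (address(0), protocolCreationFee);
    }

    // Accepts any value at or above the fee and forwards all of it.
    // Whatever the caller over-sends ends up with the recipient, not the user.
    function collectCreationFee() external payable {
        require(msg.value >= protocolCreationFee, "fee too low");
        (bool ok, ) = protocolRecipient.call{value: msg.value}("");
        require(ok, "fee transfer failed");
    }
}

contract EditionSketch {
    FeeManagerSketch public feeManager;

    constructor(FeeManagerSketch feeManager_) { feeManager = feeManager_; }

    // Reported shape: the whole msg.value is forwarded and nothing comes back.
    function publishNoRefund() external payable {
        feeManager.collectCreationFee{value: msg.value}();
    }

    // Hardened shape: forward exactly the quoted fee, then refund the rest.
    function publishWithRefund() external payable {
        (, uint256 fee) = feeManager.getCreationFee();
        require(msg.value >= fee, "fee too low");
        feeManager.collectCreationFee{value: fee}();
        _refundExcess(fee);
    }

    // The refund is the last external call, made only after the fee is paid.
    function _refundExcess(uint256 spent) internal {
        uint256 excess = msg.value - spent;
        if (excess == 0) return;
        (bool ok, ) = payable(msg.sender).call{value: excess}("");
        require(ok, "refund failed");
    }
}
```

Sending 0.05 ether to `publishNoRefund()` leaves 0.04 ether with the recipient, while the same call to `publishWithRefund()` pays 0.01 ether and returns 0.04 ether to the caller.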