The last comment about reentrancy seems to be really important. Currently it is technically possible to reenter, and I'm not sure if one can exploit it.
Possible scenario:
Attacker initiates addLiquidity
Attacker is called back and changes _liquidityPoolConverter.reserves (probably decreases it)
as addLiquidity execution continues, it will get costReserveAmount as a smaller value and try to send extra tokens to the attacker.
The last comment about reentrancy seems to be really important. Currently it is technically possible to reenter, and I'm not sure if one can exploit it. Possible scenario:
addLiquidity_liquidityPoolConverter.reserves(probably decreases it)addLiquidityexecution continues, it will getcostReserveAmountas a smaller value and try to send extra tokens to the attacker.