In BasePool.sol, the mint() function allows a user to supply both native and foreign assets to the contract and then it calls _mint() to update the balance of the "to" address argument. The mint() function does not check if the user provides equal amounts/value of the 2 assets which could cause an imbalance in the pool and be used to manipulate pricing because of this.
Handle
jayjonah8
Vulnerability details
Impact
In BasePool.sol, the mint() function allows a user to supply both native and foreign assets to the contract and then it calls _mint() to update the balance of the "to" address argument. The mint() function does not check if the user provides equal amounts/value of the 2 assets which could cause an imbalance in the pool and be used to manipulate pricing because of this.
Proof of Concept
https://github.com/code-423n4/2021-12-vader/blob/main/contracts/dex/pool/BasePool.sol#L148
Tools Used
Manual code review
Recommended Mitigation Steps
require that a user provides equal amounts or value of both the native and foreign amounts.