Handle
PPrieditis
Vulnerability details
Impact
Liquidity Providers (LPs) add liquidity by taking both a lending and a borrowing position at the same time. The only functions intended for Liquidity Providers are "mint" and "burn"; however, an LP can also choose to call "pay" before maturity. Depending on market conditions, it can be more profitable for an LP to call "pay" and "burn" than to call "burn" alone. If an LP also calls "burn", this affects the profit of the other LPs and lenders. In addition, according to the "Timeswap V1 Core Product Specification", the function "pay" belongs to "Borrowing Functions" and not to "Liquidity Provider Functions".
Recommended Mitigation Steps
Do not insert "dueOut" into the pool.dues array in TimeswapPair.mint. If an LP does not have a "dueOut" in the pool.dues array, then the LP cannot call "pay".