Lines of code
Vulnerability details
Comments
TokenisableRange.deposit uses the user's input amounts when calculating fees, but the user may supply the two tokens in a proportion that does not match the range, so only part of the input is actually added as liquidity. All excess tokens should be returned to the user and should not be included in the fee calculation. Billing users for all inputted tokens results in additional fees and a loss of user funds.
Mitigation
The reworked deposit removes the complex double-charging mechanism and charges the fee only in LP tokens after liquidity has been added, so the fee is based on what the range actually absorbed rather than on the raw input, which eliminates this issue.
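To make the difference concrete, the following is an added Python model of the two fee orderings; it is not the project's contract code. It assumes a hypothetical range that absorbs token0 and token1 in a fixed 1:price proportion, values one LP unit at one token1 of supplied value, and uses a constructed 0.5% deposit fee. The "fee on input" function reproduces the reported behaviour (fee taken on everything sent, excess returned afterwards); the "fee on liquidity" function follows the mitigation (add liquidity, refund excess untouched, then charge the fee on the LP units minted).

```python
from dataclasses import dataclass
from fractions import Fraction

BPS = 10_000
FEE_BPS = 50  # constructed: 0.5% deposit fee


@dataclass(frozen=True)
class Outcome:
    lp_to_user: Fraction   # LP units credited to the depositor
    fee_value: Fraction    # fee taken, valued in token1 units
    refund0: Fraction      # token0 handed back to the depositor
    refund1: Fraction      # token1 handed back to the depositor


def consumed(amount0, amount1, price):
    """Amounts a range needing token0:token1 at 1:price can absorb (hypothetical model)."""
    amount0, amount1, price = Fraction(amount0), Fraction(amount1), Fraction(price)
    used0 = min(amount0, amount1 / price)
    return used0, used0 * price


def liquidity_for(used0, used1, price):
    """Hypothetical LP accounting: one LP unit per token1 of value supplied."""
    return Fraction(used0) * Fraction(price) + Fraction(used1)


def deposit_fee_on_input(in0, in1, price, fee_bps=FEE_BPS):
    """Reported pattern: fee charged on the full input before liquidity is added."""
    in0, in1, price = Fraction(in0), Fraction(in1), Fraction(price)
    fee0 = in0 * fee_bps / BPS
    fee1 = in1 * fee_bps / BPS
    # Liquidity is added from what remains; the unused remainder is refunded,
    # but the fee on it has already been taken.
    used0, used1 = consumed(in0 - fee0, in1 - fee1, price)
    lp = liquidity_for(used0, used1, price)
    return Outcome(lp, fee0 * price + fee1, in0 - fee0 - used0, in1 - fee1 - used1)


def deposit_fee_on_liquidity(in0, in1, price, fee_bps=FEE_BPS):
    """Mitigated pattern: add liquidity, refund excess, then charge the fee in LP units."""
    in0, in1, price = Fraction(in0), Fraction(in1), Fraction(price)
    used0, used1 = consumed(in0, in1, price)
    lp = liquidity_for(used0, used1, price)
    fee_lp = lp * fee_bps / BPS
    # fee_lp is already in token1 units because of the 1 LP = 1 token1 convention.
    return Outcome(lp - fee_lp, fee_lp, in0 - used0, in1 - used1)


def overcharge(in0, in1, price, fee_bps=FEE_BPS):
    """Extra fee (token1 units) the input-based ordering takes over the mitigated one."""
    return (deposit_fee_on_input(in0, in1, price, fee_bps).fee_value
            - deposit_fee_on_liquidity(in0, in1, price, fee_bps).fee_value)


if __name__ == "__main__":
    # Constructed scenario: price 2 token1 per token0, user sends 100/100,
    # so only 50 token0 can be used and 50 token0 is excess.
    for name, fn in (("fee on input", deposit_fee_on_input),
                     ("fee on liquidity", deposit_fee_on_liquidity)):
        o = fn(100, 100, 2)
        print(f"{name:17s} lp={o.lp_to_user} fee={o.fee_value} "
              f"refund0={o.refund0} refund1={o.refund1}")
    print("overcharge (token1 units):", overcharge(100, 100, 2))
```

In the constructed 100/100 scenario both orderings credit the same 199 LP units, but the input-based ordering keeps 1.5 token1 of value in fees against 1 for the mitigated one; the 0.5 difference is exactly the 0.5% fee on the 50 excess token0 that the user never deposited. With a perfectly proportioned input (50/100 at price 2) the two orderings charge the same fee, which is why the problem only appears for imperfect proportions.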
Conclusion
LGTM