The Liquidity tokens to give for providing liquidity always calculates added Liquidity based on WETH instead of WBTC, this means if WBTC reserves get low, there's no means for code to prioritize WBTC liquidity
Proof of Concept
In _addLiquidity
if ( addedAmount0 > addedAmount1)
//@audit this comparision doesn't take decimals into account or their relative ratios, this is wrong
addedLiquidity = (totalLiquidity * addedAmount0) / reserve0;
else
addedLiquidity = (totalLiquidity * addedAmount1) / reserve1;
The reason addedLiquidity will only be computed by WETH is because, WBTC : WETH pool value is in 1:20.
That is, WBTC is costlier than WETH and an amount x needs lower WBTC than it does for WETH.
The check
if ( addedAmount0 > addedAmount1)
doesn't take this into account.
Tools Used
Manual analysis
Recommended Mitigation Steps
Uniswap's way of checking liquidity may help circumvent this issue
Lines of code
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/pools/Pools.sol#L131-L135
Vulnerability details
Impact
The Liquidity tokens to give for providing liquidity always calculates added Liquidity based on WETH instead of WBTC, this means if WBTC reserves get low, there's no means for code to prioritize WBTC liquidity
Proof of Concept
In _addLiquidity
The reason addedLiquidity will only be computed by WETH is because, WBTC : WETH pool value is in 1:20. That is, WBTC is costlier than WETH and an amount x needs lower WBTC than it does for WETH. The check
doesn't take this into account.
Tools Used
Manual analysis
Recommended Mitigation Steps
Uniswap's way of checking liquidity may help circumvent this issue
Assessed type
Uniswap