hats-finance / Common--Stableswap-0xd4d9a2772202ce33b24901d3fc94e95a84b37430

Apache License 2.0

`lib.get_amounts_for_liquidity_mint` might be wrong #26

Open hats-bug-reporter[bot] opened 1 month ago

hats-bug-reporter[bot] commented 1 month ago

Github username: --

Twitter username: --

Submission hash (on-chain): 0xea17b83c40d856bc1df34802a72bab986fcc09c7581e4ffd4ab43994094d6166

Severity: low

Description:

According to lib.get_amounts_for_liquidity_mint, the function returns how many tokens are required to get liquidity amount of LP token.

While calling mod.compute_amounts_given_lp, there are two issues:

  1. The function should roundUp instead of roundDown in mod.rs#L451
  2. Calling lib.add_liquidity with the results returned by lib.get_amounts_for_liquidity_mint, the tx might be reverted because there is another factor, rate, that should be considered in lib.get_amounts_for_liquidity_mint, because rate might be updated within the function

```rust
442 pub fn compute_amounts_given_lp(
443     lpt_amount: u128,
444     reserves: &Vec<u128>,
445     pool_token_supply: u128,
446 ) -> Result<Vec<u128>, MathError> {
447     let mut amounts = Vec::with_capacity(reserves.len());
448     for &reserve in reserves {
449         amounts.push(
450             casted_mul(reserve, lpt_amount)
451                 .checked_div(pool_token_supply.into()) // <<< --- Here should roundUp
452                 .ok_or(MathError::DivByZero(13))?
453                 .try_into()
454                 .map_err(|_| MathError::CastOverflow(6))?,
455         );
456     }
457     Ok(amounts)
458 }
```

Attack Scenario:

Describe how the vulnerability can be exploited.

Attachments

  1. Proof of Concept (PoC) File

  2. Revised Code File (Optional)

JanKuczma commented 1 month ago

Thank you for your submission.

This method estimates the ideal amounts needed to mint the specified amount of liquidity tokens. It may underestimate the amounts; however, rounding the amounts up could overestimate the amounts. It does not have to account for rates because the ideal amounts are the proportions of the reserves given the liquidity amount. This function works as intended.
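
To make the rounding question in this thread concrete, the following is an added example, not code from the project or from either commenter. It computes the proportional amounts with both rounding directions using plain `u128` checked arithmetic in place of the project's `casted_mul`; `Rounding`, `amounts_given_lp` and `lp_for_proportional_deposit` are hypothetical names, and the mint model is a simplified proportional one, not the pool's actual `add_liquidity`.

```rust
// Added illustration; not the project's code. Plain u128 checked arithmetic
// stands in for the project's casted_mul, and the mint model is hypothetical.
#[derive(Debug, PartialEq)]
enum MathError { DivByZero, Overflow }

#[derive(Clone, Copy)]
enum Rounding { Down, Up }

/// Proportional share of each reserve for `lpt` LP tokens, rounded as requested.
fn amounts_given_lp(lpt: u128, reserves: &[u128], supply: u128, rounding: Rounding)
    -> Result<Vec<u128>, MathError> {
    if supply == 0 {
        return Err(MathError::DivByZero);
    }
    reserves.iter().map(|&reserve| -> Result<u128, MathError> {
        let prod = reserve.checked_mul(lpt).ok_or(MathError::Overflow)?;
        let q = prod / supply;
        Ok(match rounding {
            Rounding::Up if prod % supply != 0 => q + 1, // ceil
            _ => q,                                      // floor
        })
    }).collect()
}

/// Hypothetical simplified mint: LP credited for a proportional deposit is
/// limited by the token with the smallest share, rounded down.
fn lp_for_proportional_deposit(amounts: &[u128], reserves: &[u128], supply: u128)
    -> Result<u128, MathError> {
    let mut minted = u128::MAX;
    for (&amount, &reserve) in amounts.iter().zip(reserves) {
        if reserve == 0 {
            return Err(MathError::DivByZero);
        }
        let lp = amount.checked_mul(supply).ok_or(MathError::Overflow)? / reserve;
        minted = minted.min(lp);
    }
    Ok(minted)
}

fn main() {
    // Constructed sample pool state.
    let (reserves, supply, want) = ([1_000_003u128, 2_000_001], 1_500_000u128, 7u128);
    for rounding in [Rounding::Down, Rounding::Up] {
        let amounts = amounts_given_lp(want, &reserves, supply, rounding).unwrap();
        let minted = lp_for_proportional_deposit(&amounts, &reserves, supply).unwrap();
        println!("amounts {:?} -> {} LP (requested {})", amounts, minted, want);
    }
}
```

On this constructed pool state, the floored amounts `[4, 9]` back only 5 LP under the simplified model, while the rounded-up amounts `[5, 10]` back the requested 7, at a cost of at most one extra base unit per token.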