hats-finance / Spectra-0x4b792db3d2a5d1c1ccf9938380756b200c240e5d


Another Permanent DOS while adding or removing liquidity on curve pool via router due to incorrect ICurvePool interface #7

Open hats-bug-reporter[bot] opened 1 week ago

hats-bug-reporter[bot] commented 1 week ago

Github username: @burhankhaja
Twitter username: imaybeghost
Submission hash (on-chain): 0xa38867060a6fa9f91ce75467625f3aeec950fe70c7b5bbb9b812945ed9d9e76d
Severity: high

Description:

Bug Category: Protocol Insolvency

Description

Every time a user tries to add or remove liquidity on a Curve pool, it will result in a DoS due to the EVM error resulting from the mismatch between the interface and the actual Curve Finance pool's implementation of:

The dispatcher contract assumes different, incorrect parameters for these functions as compared to their actual on-chain implementation.

For example, the on-chain remove_liquidity_one_coin() takes uint, int, and uint parameters as input:

DAI-USDT-USDC Pool:

@external
@nonreentrant('lock')
def remove_liquidity_one_coin(_token_amount: uint256, i: int128, min_amount: uint256):
    .....

Unfortunately, on the other hand, the dispatcher contract assumes different parameters for remove_liquidity_one_coin():

Dispatcher.sol

  ICurvePool(pool).remove_liquidity_one_coin(lps, i, min_amount, false, recipient);

Therefore, an EVM error is triggered every time a user triggers these commands:

yanisepfl commented 1 week ago

Invalid for the same reason as: https://github.com/hats-finance/Spectra-0x4b792db3d2a5d1c1ccf9938380756b200c240e5d/issues/6