When the user wants to buy many potions and the gas used does not fit in one block, the buy is split in several transactions. When doing this, the maximum premium used for the first transactions seems to be the total maximum premium for all transactions together, which is wrong.
This can be exploited by an external attacker by filling up the pools used in the buy and take advantage of arbitrage, or by the LP provider withdrawing liquidity, and thus making the utilization higher and getting more premium.
When the user wants to buy many potions and the gas used does not fit in one block, the buy is split in several transactions. When doing this, the maximum premium used for the first transactions seems to be the total maximum premium for all transactions together, which is wrong.
This can be exploited by an external attacker by filling up the pools used in the buy and take advantage of arbitrage, or by the LP provider withdrawing liquidity, and thus making the utilization higher and getting more premium.