Attacker can drain metapool by manipualting Pt price
Summary
Attacker can manipulate the principal token price in curve tricrypto base pool before performing swapPtforUnderlying ( swap pt token ) by adding liquidity to base pool.
Vulnerability Detail
swapPtForUnderlying retrieves the amount of lp token that would be minted by adding amountIn ( pt ) to the pool and then swapping the lp token minted to underlying, however user can add liquidity to base pool ( another token like pt-b) so the price of pt would be increased and adding it to base pool would lead to minting more lp tokens than before so user can sell its pt with an inflated price by adding liquidity before swap.
xMxAxMx
high
Attacker can drain metapool by manipualting Pt price
Summary
Attacker can manipulate the principal token price in curve tricrypto base pool before performing swapPtforUnderlying ( swap pt token ) by adding liquidity to base pool.
Vulnerability Detail
swapPtForUnderlying retrieves the amount of lp token that would be minted by adding amountIn ( pt ) to the pool and then swapping the lp token minted to underlying, however user can add liquidity to base pool ( another token like pt-b) so the price of pt would be increased and adding it to base pool would lead to minting more lp tokens than before so user can sell its pt with an inflated price by adding liquidity before swap.
Impact
inflating pt share price and draining meta pool
Code Snippet
https://github.com/sherlock-audit/2024-01-napier-MehdiKarimi81/blob/3226041850e29a114ec95a722a1155e39637b89f/v1-pool/src/NapierPool.sol#L324-L380 https://github.com/sherlock-audit/2024-01-napier-MehdiKarimi81/blob/3226041850e29a114ec95a722a1155e39637b89f/v1-pool/src/NapierPool.sol#L341 https://github.com/sherlock-audit/2024-01-napier-MehdiKarimi81/blob/3226041850e29a114ec95a722a1155e39637b89f/v1-pool/src/NapierPool.sol#L343-L344
Tool used
Manual Review
Recommendation