Microchain DEX (Mira Binned Liquidity)

LP token tainting via empty pool reserves check (IMM-HIGH-01). The guard against burning LP tokens that are part of pool reserves checks contract_reserves for None, but a pool that once held an LP token and has since been emptied returns a non-None value. A malicious user can deposit an LP token into a pool, withdraw it, and the token becomes permanently unredeemable while still appearing valid for transfer or sale on third-party systems.

Incorrect reserves accounting on protocol fee collection (IMM-HIGH-02). When collect_protocol_fees(...) is called, the collected amount is not deducted from contract_reserves. Subsequent LPs and swappers experience direct losses proportional to the fees collected, since the accounting difference is silently absorbed into their input amounts. Larger fee collections produce larger losses for the next interacting user.

Reduced shares for active-bin LPs (IMM-MED-01). Minting liquidity to an active bin uses bin_reserves topped up with non-protocol fees in the share calculation, overestimating bin liquidity and producing reduced shares for the LP. The behaviour follows the LFJ V2 formula but materially diminishes LP value, which is why the team acknowledged rather than fixed it.

Functionality vs spec mismatch in burn_liquidity() (IMM-MED-03). The comment spec claims LP tokens from different pools can be burned in a single call, but the implementation locks required_pool_id from the first asset and reverts on any mismatch. Integrators sending mixed LP tokens into the curve state can be frontrun, with attackers burning the residual shares.