Lack of maximum liquidity guardrail during swapping
Bin liquidity can grow past `MAX_LIQUIDITY_PER_BIN` during swaps because the guardrail is only enforced on minting. An overflow in the resulting u256 math can lock funds for the bin.
Description
The contract contains a guardrail against crossing the maximum allowed liquidity amount within a single bin during LP minting process within the bin_helper::get_shares_and_effective_amounts_in(...) function:
require(final_liquidity <= MAX_LIQUIDITY_PER_BIN,PoolCurveStateError::MaxLiquidityPerBinExceeded,);
In practice the bin liquidity is also increased during swapping as swap fees are accrued and are added to the overall bin_reserves. This is done in the swap_utils::process_single_bin(...) function:
// Update bin reserveslet amounts_in_after_fees = amounts_in_with_fees - protocol_fees;let new_bin_reserves = calculate_new_bin_reserves(bin_reserves,amounts_in_after_fees,amounts_out_of_bin,args.swap_for_y,);storage_keys.bins.insert(internal_bin_id, new_bin_reserves);
There is no verification here that the new_bin_reserves do not cross the MAX_LIQUIDITY_PER_BIN threshold.
Impact
The impact is that when liquidity crosses the threshold it might result in overflow while doing the u256 math, which in turn would break the swapping, minting and burning functionality on the given bin. This in turn would result in funds locked. The chances of this however are low, due to the high amount of tokens that would need to be deposited as liquidity. While the impact is serious, the conditions where it could happen are difficult to achieve in practice, hence the severity is classified as Medium.
Recommendation
Validate the new bin reserves against crossing the MAX_LIQUIDITY_PER_BIN threshold during swaps.
Resolution
Fixed in commit ef061b3c637fc5ba3bee8b4cf11d2fe69cca9397.
