TimeswapPair.sol#mint() Lack of input validation allows attacker to set pool.state.y to an arbitrary target value
Handle WatchPug Vulnerability details pool.state.y += yIncrease; TimeswapPair.solmint takes a user input value of yIncrease without proper validation, which means that it allows the state of pool.state.y to increase by the arbitrary value set by the caller. Impact When pool.state.y is extremely...