A malicious user can steal a reserved token by using shift() function of Well.sol if the well was added liquidity unsafely with zero amount of the one of tokens.
Lines of code Vulnerability details Impact A malicious user can steal a reserved token by using shift function of Well.sol if the well was added liquidity unsafely with zero amount of the one of tokens. Proof of Concept Let's assume the well with WETH and USDC tokens. Currently totalSupply is zer...