Tiny Alabaster Squirrel - NumaOracle::getNbOfNuAssetFromNuAsset() contains wrong order of the two functions it invokes

[sherlock-admin2]

Tiny Alabaster Squirrel

High

NumaOracle::getNbOfNuAssetFromNuAsset() contains wrong order of the two functions it invokes

Summary

NumaOracle::getNbOfNuAssetFromNuAsset() is used to get the amount of one nuAsset converted into another nuAsset.

To do that correctly, we should get the amount of nuAsset_first and convert it into eth and then use that eth to see how much amount of nuAsset_second we are going to get, but the function does that wrongly.

The function currently takes the amountIn from the nuAsset_second and inputting the nuAsset_first as the address which basically takes the amount of the second nuAsset and converts eth to nuAsset even though we have NOT inputted any ETH into the function.

Root Cause

The root cause is the incorrect order of the functions it calls.

It should first nuAManager.nuAssetToEth() to correctly convert nuAsset_first and its amount to eth, and then call nuAManager.ethToNuAsset() with the eth received from the first function to get to nuAsset_second and its amount

Internal pre-conditions

No response

External pre-conditions

No response

Attack Path

1. User calls swapExactInput() to swap nuAsset to another nuAsset with specified amounts
2. Due to incorrect logic, user will waste gas due to a revert he didn't expect (the app will be on ETH mainnet), or the incorrect pricing may give the user much more value, giving the possibility of taking money nuAsset than intended.

Impact

User will either lose money from gas fees (ETH mainnet) due to an unexpected revert and not being able to use the function, or drain the protocol due to returning an incorrect amount.

PoC

No response

Mitigation

Swap the orders in which the functions are called, so they produce the correct value.