Slow Sky Puma - User spends more Numa tokens than required to mint an amount of nuAsset tokens

[sherlock-admin3]

Slow Sky Puma

Medium

User spends more Numa tokens than required to mint an amount of nuAsset tokens

Summary

Higher Price between vault buy price and LP price is Used to Mint nuAsset from Numa, instead of using the lower price.

Root Cause

In NumaPrinter.sol, a wrong calculation is done to get the lowest price between Vault buy price and LP Price, and this results in the higher price used to mint a nuAsset from Numa.

Internal pre-conditions

1. User needs to call mintAssetOutputFromNuma when vault buy price != LP Price

External pre-conditions

No response

Attack Path

1. User calls mintAssetOutputFromNuma when vault buy price != LP Price
2. getNbOfNumaNeededAndFeeis called to fetch the min amount of Numa needed to mint _nuAssetAmount
3. Higher amount between vault buy price numaAmountVault and LP price numaAmountPrice is returned

Impact

The user spends more numa token than required, to mint the commensurate amount of nuAsset tokens.

PoC

No response

Mitigation

The line

if (numaAmountVault >  NumaAmountPool) costWithoutFee = NumaAmountVault 

should be changed to

if (numaAmountVault <  NumaAmountPool) costWithoutFee = NumaAmountVault