SSSwap

First Flight #41
Beginner Friendly, Rust
100 EXP
Submission Details
Impact: medium
Likelihood: medium
Invalid

Missing Zero Amount Validation in Provide Liquidity

Summary

The provide_liquidity function lacks validation to prevent users from providing zero amounts, which can lead to failed transactions, wasted gas, and potential edge case exploits.

Vulnerability Details

The function accepts amount_a as input but does not validate that it is greater than zero before proceeding with calculations and token transfers. While the calculate_token_b_provision_with_a_given function will eventually fail if the calculated amount_b is zero, the primary input amount_a is never validated upfront.

pub fn provide_liquidity(context: Context<ModifyLiquidity>, amount_a: u64) -> Result<()> {
    // Missing: require!(amount_a > 0, AmmError::NoZeroAmount);
    let amount_b = calculate_token_b_provision_with_a_given(
        &mut context.accounts.vault_a,
        &mut context.accounts.vault_b,
        amount_a // Zero value can be passed here
    )?;
    // ... rest of the function
}

Impact

  • Gas Waste: Users can call the function with amount_a = 0, causing unnecessary computation and gas consumption before eventual failure

  • Poor User Experience: Late validation leads to confusing error messages deep in the execution flow

  • Potential Edge Cases: Zero amounts combined with rounding errors could lead to unexpected behavior in LP token minting calculations

  • Inconsistent Validation: Other functions like initialize_pool properly validate against zero amounts, creating inconsistent behavior

Recommended Mitigation

Add explicit zero amount validation at the beginning of the function:

pub fn provide_liquidity(context: Context<ModifyLiquidity>, amount_a: u64) -> Result<()> {
+ require!(amount_a > 0, AmmError::NoZeroAmount);
let amount_b = calculate_token_b_provision_with_a_given(
&mut context.accounts.vault_a,
&mut context.accounts.vault_b,
amount_a
)?;
// ... rest of the function
}
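
Review bot: the added require!(amount_a > 0, AmmError::NoZeroAmount) on the first line of provide_liquidity checks only the input, while the amount_b returned by calculate_token_b_provision_with_a_given goes unchecked in the lines shown. Because the remainder is elided as "// ... rest of the function", the patch should either state in a comment beside the guard that the helper already rejects a zero amount_b, or add the matching check directly after the call.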

This ensures consistent validation patterns across all liquidity operations and provides clear, early feedback to users.
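
The early-versus-late failure described under Vulnerability Details, as an added example (not the submission's or the SSSwap project's code). It assumes a proportional, round-down formula for the helper; ZeroProvision, MathError, token_b_for_a, provide_unguarded and provide_guarded are hypothetical names, and the reserves are constructed.

```rust
// Added sketch, not SSSwap code. Only the name NoZeroAmount comes from the
// report; the pricing formula and all other names are assumptions.
#[derive(Debug, PartialEq)]
pub enum AmmError {
    NoZeroAmount,  // from the report
    ZeroProvision, // hypothetical: computed amount_b is zero
    MathError,     // hypothetical: empty pool or overflow
}

// Assumed stand-in for calculate_token_b_provision_with_a_given:
// amount_b = amount_a * reserve_b / reserve_a, rounded down.
pub fn token_b_for_a(reserve_a: u64, reserve_b: u64, amount_a: u64) -> Result<u64, AmmError> {
    let product = amount_a as u128 * reserve_b as u128;
    let b = product.checked_div(reserve_a as u128).ok_or(AmmError::MathError)?;
    if b > u64::MAX as u128 {
        return Err(AmmError::MathError);
    }
    if b == 0 {
        return Err(AmmError::ZeroProvision); // the late failure the report describes
    }
    Ok(b as u64)
}

// Behaviour as reported: amount_a is not checked before the calculation.
pub fn provide_unguarded(reserve_a: u64, reserve_b: u64, amount_a: u64) -> Result<(u64, u64), AmmError> {
    let amount_b = token_b_for_a(reserve_a, reserve_b, amount_a)?;
    Ok((amount_a, amount_b))
}

// With the recommended early check in front of the same calculation.
pub fn provide_guarded(reserve_a: u64, reserve_b: u64, amount_a: u64) -> Result<(u64, u64), AmmError> {
    if amount_a == 0 {
        return Err(AmmError::NoZeroAmount);
    }
    let amount_b = token_b_for_a(reserve_a, reserve_b, amount_a)?;
    Ok((amount_a, amount_b))
}

fn main() {
    let (reserve_a, reserve_b) = (1_000_000u64, 1_000u64); // constructed reserves
    for &a in &[0u64, 999, 5_000] {
        println!("amount_a={}: unguarded={:?} guarded={:?}", a,
            provide_unguarded(reserve_a, reserve_b, a),
            provide_guarded(reserve_a, reserve_b, a));
    }
}
```

With these constructed reserves a non-zero amount_a of 999 still rounds to amount_b = 0, so the helper's own zero check stays necessary alongside the early guard.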

Updates

Lead Judging Commences

0xtimefliez Lead Judge 10 months ago
Submission Judgement Published
Invalidated
Reason: Too generic
