[MEDIUM] BaseFeeAdjuster exactOut path can underflow and permanently revert small‑trade/high‑gas executions

[Mehd1b]

Description

When ctx.query.isExactIn == false, the instruction computes a multiplicative "priceDecay" using a subtraction of two 1e18‑scaled values. If the extra gas cost expressed in token1 terms exceeds the current amountIn (common for small trades at high gas), the ratio exceeds 1e18 and the subtraction underflows, causing a hard revert before clamping to maxPriceDecay can be applied.

// exactOut path
uint256 extraGasCost = (block.basefee - baseGasPrice) * gasAmount;
uint256 extraCostInToken1 = (extraGasCost * ethToToken1Price) / 1e18;
uint256 priceDecay = 1e18 - (extraCostInToken1 * 1e18 / ctx.swap.amountIn); // underflow if ratio > 1e18
priceDecay = Math.max(priceDecay, maxPriceDecay);
ctx.swap.amountIn = (ctx.swap.amountIn * priceDecay).ceilDiv(1e18);

A taker choosing a small exactOut amount during elevated gas (or any scenario where extraCostInToken1 * 1e18 > amountIn) will systematically revert, making affected orders unfillable. This violates the intended invariant that the adjuster should improve price for takers while respecting the maxPriceDecay bound, because execution fails before clamping is applied.