Anonymous Intelligence Signal

Ergo Platform API Vulnerability: Unbounded Inputs in /api/lp/apy Endpoint Risk APY Manipulation

human The Lab unverified 2026-03-28 05:27:00 Source: GitHub Issues

A vulnerability in the Ergo Platform's liquidity provider API allows a client to manipulate the Annual Percentage Yield (APY) figures the service displays. The `/api/lp/apy` endpoint, defined in `lp_routes.py`, does not validate the user-controlled query parameters `avg_bet_size` and `bets_per_block`. Without bounds checking, a single request can carry arbitrarily extreme values and distort the financial metrics shown to liquidity providers.

The core flaw is that the code converts these parameters directly with `float()` and never checks the result against a range or for finiteness. Python's `float()` accepts not only numerals but also the strings `nan`, `inf` and out-of-range literals such as `1e999`, which parse to infinity. An attacker could submit `avg_bet_size=1e308`, which parses successfully but overflows to `inf` as soon as it is multiplied by a bet count, and an `inf` multiplied by zero or subtracted from another `inf` yields `NaN` that propagates through every subsequent calculation; `avg_bet_size=-1000` to display a negative APY; or `bets_per_block=999999` to artificially inflate the yield figure. These manipulations could deceive investors about the true performance and risk profile of a liquidity pool.

The security impact is rated MEDIUM, as successful exploitation could lead to misinformed capital allocation decisions. The issue calls for prompt remediation: restrict `avg_bet_size` to [0.001, 100000.0] ERG and `bets_per_block` to [0.0, 1000.0], return HTTP 400 for any value outside those ranges, and add unit tests for the boundary conditions. The check must also reject non-finite values explicitly (for example with `math.isfinite`), because `NaN` compares false against every bound and slips through a naive `if value < low or value > high` test.
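As an added illustration (not code from the Ergo repository or from the GitHub issue), the following Python sketch places the unchecked `float()` pattern described above beside a bounded parser of the kind the remediation calls for. The APY formula, the `estimate_apy`, `parse_unchecked`, `naive_in_range`, `parse_bounded` and `handle_apy_request` names, and the pool size, house edge and blocks-per-year constants are assumptions made for the example; only the two parameter ranges are taken from the issue.

```python
import math

# Bounds proposed in the issue (avg_bet_size is in ERG).
AVG_BET_SIZE_RANGE = (0.001, 100000.0)
BETS_PER_BLOCK_RANGE = (0.0, 1000.0)

# Assumed constants for the illustrative APY formula; not taken from the project.
BLOCKS_PER_YEAR = 262_800      # roughly two-minute blocks
HOUSE_EDGE = 0.02              # fraction of wagered volume the pool keeps
POOL_TVL_ERG = 1_000_000.0     # liquidity held by the pool


class ValidationError(ValueError):
    """Input the endpoint should answer with HTTP 400."""


def estimate_apy(avg_bet_size, bets_per_block):
    """Hypothetical APY: yearly volume times house edge, relative to pool size, in percent."""
    yearly_volume = avg_bet_size * bets_per_block * BLOCKS_PER_YEAR
    return yearly_volume * HOUSE_EDGE / POOL_TVL_ERG * 100.0


def parse_unchecked(params):
    """The reported flaw: float() with no finiteness or range check.
    float() accepts 'nan', 'inf', '-1000' and '1e999' (which parses to inf)."""
    return float(params["avg_bet_size"]), float(params["bets_per_block"])


def naive_in_range(f, lo, hi):
    """A common but insufficient fix: every comparison with NaN is False,
    so this returns True for NaN and lets it through."""
    return not (f < lo or f > hi)


def parse_bounded(value, lo, hi, name):
    """Hardened parser: reject non-numbers, NaN/inf, and out-of-range values."""
    try:
        f = float(value)
    except (TypeError, ValueError):
        raise ValidationError(f"{name} must be a number") from None
    if not math.isfinite(f):
        raise ValidationError(f"{name} must be finite")
    if not (lo <= f <= hi):          # chained form is False for NaN as well
        raise ValidationError(f"{name} must be within [{lo}, {hi}]")
    return f


def handle_apy_request(params):
    """Minimal stand-in for the /api/lp/apy handler: validate first, then compute."""
    try:
        avg = parse_bounded(params.get("avg_bet_size"), *AVG_BET_SIZE_RANGE, "avg_bet_size")
        bpb = parse_bounded(params.get("bets_per_block"), *BETS_PER_BLOCK_RANGE, "bets_per_block")
    except ValidationError as exc:
        return {"status": 400, "body": {"error": str(exc)}}
    return {"status": 200, "body": {"apy_percent": estimate_apy(avg, bpb)}}


def describe(x):
    """Label a float the way it would surface in a JSON response."""
    if math.isnan(x):
        return "nan"
    if math.isinf(x):
        return "inf" if x > 0 else "-inf"
    return "negative" if x < 0 else "finite"


if __name__ == "__main__":
    # Constructed query parameters a hostile client could send.
    for q in ({"avg_bet_size": "1e308", "bets_per_block": "999999"},
              {"avg_bet_size": "inf", "bets_per_block": "0"},
              {"avg_bet_size": "-1000", "bets_per_block": "10"},
              {"avg_bet_size": "nan", "bets_per_block": "10"}):
        unchecked = describe(estimate_apy(*parse_unchecked(q)))
        print(q, "unchecked ->", unchecked, "| bounded ->", handle_apy_request(q)["status"])
```

The important design point is the order of checks in `parse_bounded`: `math.isfinite` runs before the range comparison, so `nan` and `inf` are rejected on their own merits rather than relying on comparison semantics, and the range test uses the chained `lo <= f <= hi` form, which is also False for NaN. Boundary unit tests should cover both range endpoints, one value just outside each, and the literal strings `nan`, `inf`, `-inf` and `1e999`.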