
Bug Deep Dive #21

Liquidity borrowed from or repaid to parent nodes is not always minted or burned in the uniswap pool - $1196


When there is not enough liquidity in a node, it borrows liquidity from its parent. Since a parent's liquidity equals the liquidity of both of its children (the parent range covers both child ranges), borrowing liquidity increases the liquidity of both the current node and its sibling. This is done in solveLiq:

[Image: the solveLiq code referenced above]

Notice that the sibling's liquidity is not actually modified; only preBorrow changes, which does not affect the net() liquidity calculation. Moreover, in many cases the sibling is not included in the route, so in the settle walker, where Uniswap pool liquidity is minted or burned, these siblings are not traversed and the corresponding Uniswap liquidity is never minted or burned.

This leads to incorrect accounting and an incorrect portfolio of Uniswap positions in the Ammplify contract: price changes are accounted for as if the contract held the corresponding positions, while it does not actually hold them.

Moreover, this issue can be used by any malicious user to manipulate pool prices and steal all diamond funds (which includes all Takers collateral and collected fees not yet claimed or compounded).

Weaponizing it

1. User has 100e18 maker liquidity in 480..960 range;
2. Taker takes 100e18 liquidity in the 720..960 range;
3. Since there is not enough liquidity available in the 720..960 range, it is borrowed from the 480..960 range;
4. 100e18 of 480..960 liquidity is burned;
5. 100e18 worth of 720..960 liquidity is given to taker.

Notice that 480..720 liquidity is never minted. So Ammplify now owes the user 100e18 liquidity in the 480..960 range but holds 0 Uniswap positions; the taker owes Ammplify 100e18 liquidity in the 720..960 range; and Ammplify holds only the current token distribution left over from the burned 100e18 liquidity of the 480..720 range. Once the taker repays, Ammplify may be insolvent and unable to mint the 480..960 liquidity it owes the user, because its token distribution will differ from the required one and it will not have the fees the Uniswap position would have earned.
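To make the accounting gap from the solveLiq/settle description and the five-step walkthrough concrete, here is an added Python model of the range tree; it is constructed for this write-up and is not Ammplify code. The node fields (liq, pre_borrow), the settle walker, the pool stand-in and the `mint_sibling` switch are all assumptions that mirror the behaviour described above. The invariant check compares the liquidity the contract should hold per tick slot (makers minus takers) with what is actually minted, which is the kind of check a reviewer or a test suite would run against every flow.

```python
"""Toy range-tree ledger backed by Uniswap-style positions (constructed example).

Borrowing a child's deficit from its parent burns the parent's position; the
sibling's share must be re-minted on the sibling range, otherwise the contract
holds fewer positions than its ledger claims.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Range = Tuple[int, int]
SLOTS: List[Range] = [(480, 720), (720, 960)]   # elementary tick slots of the toy tree
ONE = 10 ** 18


@dataclass
class Node:
    lo: int
    hi: int
    liq: int = 0          # net maker liquidity this node should back with a pool position
    pre_borrow: int = 0   # assumed bookkeeping field, deliberately excluded from net()
    parent: Optional["Node"] = None
    children: List["Node"] = field(default_factory=list)

    @property
    def rng(self) -> Range:
        return (self.lo, self.hi)

    def net(self) -> int:
        return self.liq   # pre_borrow does not influence the net calculation


def build_tree() -> Dict[Range, Node]:
    root = Node(480, 960)
    left, right = Node(480, 720, parent=root), Node(720, 960, parent=root)
    root.children = [left, right]
    return {n.rng: n for n in (root, left, right)}


class Pool:
    """Stand-in for the Uniswap pool: minted liquidity per (lo, hi) position."""

    def __init__(self) -> None:
        self.positions: Dict[Range, int] = {}

    def mint(self, rng: Range, amount: int) -> None:
        self.positions[rng] = self.positions.get(rng, 0) + amount

    def burn(self, rng: Range, amount: int) -> None:
        assert self.positions.get(rng, 0) >= amount, "cannot burn more than minted"
        self.positions[rng] -= amount

    def per_slot(self) -> Dict[Range, int]:
        # Liquidity actually held over each slot = sum of positions covering it.
        return {s: sum(a for (lo, hi), a in self.positions.items()
                       if lo <= s[0] and s[1] <= hi) for s in SLOTS}


def settle(route: List[Node], pool: Pool) -> None:
    """Settle walker: bring each routed node's pool position to node.net()."""
    for n in route:
        have, want = pool.positions.get(n.rng, 0), n.net()
        if want > have:
            pool.mint(n.rng, want - have)
        elif have > want:
            pool.burn(n.rng, have - want)


def add_maker(tree: Dict[Range, Node], rng: Range, amount: int, pool: Pool) -> None:
    tree[rng].liq += amount
    settle([tree[rng]], pool)


def take(tree: Dict[Range, Node], rng: Range, amount: int, pool: Pool, mint_sibling: bool) -> None:
    node, route = tree[rng], [tree[rng]]
    deficit = amount - node.liq
    if deficit > 0:                       # not enough here: borrow from the parent
        parent = node.parent
        sibling = next(c for c in parent.children if c is not node)
        parent.liq -= deficit
        node.liq += deficit
        if mint_sibling:                  # fixed path: sibling gets liquidity and is settled
            sibling.liq += deficit
            route.append(sibling)
        else:                             # buggy path: bookkeeping only, sibling not routed
            sibling.pre_borrow += deficit
        route.append(parent)
    node.liq -= amount
    settle(route, pool)


def expected_per_slot(makers: List[Tuple[Range, int]], takers: List[Tuple[Range, int]]) -> Dict[Range, int]:
    """Ground truth: liquidity the contract must hold over each slot = makers minus takers."""
    cover = lambda s, book: sum(a for (lo, hi), a in book if lo <= s[0] and s[1] <= hi)
    return {s: cover(s, makers) - cover(s, takers) for s in SLOTS}


def run_scenario(mint_sibling: bool) -> Tuple[Dict[Range, int], Dict[Range, Tuple[int, int]]]:
    """Steps 1-5 of the write-up; returns pool positions and per-slot (expected, actual) mismatches."""
    tree, pool, makers, takers = build_tree(), Pool(), [], []
    add_maker(tree, (480, 960), 100 * ONE, pool)            # step 1: maker supplies 480..960
    makers.append(((480, 960), 100 * ONE))
    take(tree, (720, 960), 100 * ONE, pool, mint_sibling)   # steps 2-5: taker takes 720..960
    takers.append(((720, 960), 100 * ONE))
    expected, actual = expected_per_slot(makers, takers), pool.per_slot()
    mismatches = {s: (expected[s], actual[s]) for s in SLOTS if expected[s] != actual[s]}
    return pool.positions, mismatches


if __name__ == "__main__":
    print("buggy:", run_scenario(mint_sibling=False))
    print("fixed:", run_scenario(mint_sibling=True))
```

With `mint_sibling=False` the checker reports that slot 480..720 should be backed by 100e18 of liquidity while the pool holds none, exactly the missing mint the write-up describes; with the sibling routed and settled, the parent burn is paired with a sibling mint and the ledger and pool agree on every slot.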

Alpha: trace every flow within the contract, and write it down if it gets too complicated, to make sure the accounting always adds up.

Conclusion

This finding would earn you $1196, and the key to getting it right is going through the flow and making sure all the accounting is tracked. In this case, a liquidity-minting action was missing.

Full Report
Codebase
