M-02 MitigationConfirmed

[code423n4]

Lines of code

Vulnerability details

The mitigation adds a new function, getTotalBalance(), to get all the lp tokens staked in the CVX and others left in the staker:

    function getTotalBalance() public view returns(uint256 balance) {
      unchecked {
        balance = stakedBalance() + clpToken.balanceOf(address(this));
      }
    }

And every stakedBalance() function call in the AMO2.sol has been replaced by getTotalBalance(). This removes all calculation errors and makes sense.

[c4-judge]

kirk-baird marked the issue as satisfactory