M-04 MitigationConfirmed

[code423n4]

Lines of code

Vulnerability details

Comments

The migration update the lastPayout and lastPayoutBal storage in the catch block. So even the melt function revert for the notFrozen check, the FurnaceP1.setRatio can also work normally.

try this.melt() {} catch {
                uint48 numPeriods = uint48((block.timestamp) - lastPayout) / PERIOD;
                lastPayout += numPeriods * PERIOD;
                lastPayoutBal = rToken.balanceOf(address(this));
            }

[c4-judge]

0xean marked the issue as nullified