Bug Reports

A bug bounty program with Immunefi was launched on October 11, 2022. This bug bounty program is focused on the Beanstalk smart contracts and preventing the loss of Farmers’ assets within Beanstalk and other ecosystem smart contracts. The maximum bounty is 1,100,000 Beans.

You can find the bug bounty program and submit bug reports here:

Beanstalk Bug Bounties | Immunefi

Rewards are distributed according to the impact of the vulnerability based on the Immunefi Vulnerability Severity Classification System V2.2. The following is a simplified 3-level scale, focusing on the impact of the vulnerability reported. The complete scope can be found below.

immunefi.com

‣

Info about the Beanstalk Immunefi Committee

In order to be considered for the maximum potential reward, bug reports must come with (1) a Proof of Concept (PoC), and (2) code implementing the fix.

Bug reports that do not come with a PoC and code implementing a fix may qualify for a maximum of up to 30% of the potential reward outlined below, as determined by the Beanstalk Immunefi Committee (BIC). You can read more about the BIC here:

All vulnerabilities noted in any Halborn audit reports or the Trail of Bits audit report (or otherwise known by the BIC or BCM) are not eligible for a reward.

🌱

Info on how many remaining Beans can be minted for bug bounty payouts can be found here.

The following are notes on each bug report that has come in through Immunefi, the BIC’s response, any supporting information from Halborn, etc. Notes are logged here once 7 days pass after the last reply in a bug report.

If you have questions about anything you see, join the Beanstalk Discord and ask in the (#❓ • questions) channel!

📄

Report #19313

April 17, 2023

Closed

📄

Report #19295

April 16, 2023

Closed

📄

Report #19234

April 15, 2023

Closed

📄

Report #19211

April 14, 2023

Closed

📄

Report #19172

April 14, 2023

Closed

📄

Report #19136

April 13, 2023

Closed

📄

Report #19105

April 12, 2023

Closed

📄

Report #18840

April 8, 2023

Closed

📄

Report #18646

April 5, 2023

Closed

📄

Report #17030

February 17, 2023

Closed

📄

Report #16898

February 13, 2023

Closed

📄

Report #16534

January 31, 2023

Closed

📄

Report #15579

January 6, 2023

Closed

📄

Report #15045

December 22, 2022

Closed

📄

Report #14917

December 18, 2022

Closed

📄

Report #14849

December 17, 2022

Closed

📄

Report #14848

December 17, 2022

Closed

📄

Report #14808

December 16, 2022

Closed

📄

Report #14504

December 9, 2022

Closed

📄

Report #14304

December 5, 2022

Closed

📄

Report #14048

December 1, 2022

Closed

📄

Report #13942

November 26, 2022

Closed

📄

Report #13921

November 25, 2022

Closed

📄

Report #13773

November 20, 2022

Closed

📄

Report #13738

November 19, 2022

Confirmed

📄

Report #13513

November 14, 2022

Confirmed

📄

Report #13511

November 14, 2022

Closed

📄

Report #13489

November 13, 2022

Closed

📄

Report #13461

November 12, 2022

Confirmed

📄

Report #13438

November 12, 2022

Closed

📄

Report #13262

November 7, 2022

Closed

📄

Report #12997

October 30, 2022

Closed

📄

Report #12981

October 30, 2022

Closed

📄

Report #12832

October 25, 2022

Closed

📄

Report #12785

October 24, 2022

Closed

📄

Report #12739

October 23, 2022

Closed

📄

Report #12707

October 23, 2022

Confirmed

📄

Report #12593

October 20, 2022

Closed

📄

Report #12580

October 20, 2022

Closed

📄

Report #12539

October 18, 2022

Closed

📄

Report #12523

October 18, 2022

Closed

📄

Report #12481

October 16, 2022

Closed

📄

Report #12473

October 16, 2022

Closed

📄

Report #12421

October 14, 2022

Closed

📄

Report #12420

October 14, 2022

Closed

📄

Report #12351

October 12, 2022

Closed

📄

Report #12333

October 11, 2022

Closed

Bug Reports

Beanstalk Bug Bounties | Immunefi

BIC Notes