Report Date
October 20, 2022
Status
Closed
Payout
Critical: Take funds by changing Fee Receiver Address
‣
BIC Response
This submission is related to an out of scope asset: the BEAN:3CRV Curve LP token. Curve pools are not part of Beanstalk and thus not included in the Immunefi bug bounty program. Curve pools are also non-upgradable.
The Beanstalk DAO acknowledges the risk of using Curve and has transparently communicated that here:
https://docs.bean.money/disclosures#12-curve-risk
Due to these reasons, this report is not eligible for a reward.