📄

Report #12707

Report Date
October 23, 2022
Status
Confirmed
Payout
7,500

Marketplace subject to sustained cancellation of all Pod listings

‣
Report Info

BIR-1: Pod Listing Cancellation

BIC Response

Thank you for submitting this vulnerability to us.

The BIC has reviewed your submission and a fix is currently in review by Halborn.

Changing the severity of this bug report from Critical to Medium. The BIC has determined that the bug report does not apply to the Critical Impacts in scope:

  • Any governance voting manipulation;
  • Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield; and
  • Permanent freezing funds.

The Impact of the bug report is best categorized as griefing, which is listed under Medium Impacts in scope.

Based on our bounty page, this submission ( Smart Contract - Medium ) comes with a reward of between $1,000 and $10,000, to be paid in Beans. The Beanstalk Immunefi Committee (BIC) has determined that this particular bug report be rewarded 7,500 Beans.

Halborn Response

Yes, the finding is legit. However, given that this bug would not allow any attacker to steal any funds from users and it is only a form of griefing, we believe that this bug should be marked as Medium We've been able to reproduce the issue in our forked environment:
image