Report #12739

SOLIDITY INCORRECT ACCESS CONTROL

BIC Response

This is not a security bug report because it is intended behavior that a user can burn anyone else's tokens as long as the owner of the tokens signed the allowance. A user can also burn any Beans they want, as long as they own the tokens.

Due to these reasons, we are closing the submission and no reward will be issued.

Halborn Response

Of course, you can burn anyone else's tokens as long as that person signed the allowance. Just like transferFrom(). And sure, you can burn any BEAN you want... As long as you own it.