Report Date
July 31, 2023
Status
Closed
Payout
Permanent Loss of funds due to dependent on single owner address [ Critical ]
‣
BIC Response
This is not a valid bug report because centralization risks are explicitly out of scope, as stated in the bug bounty program. Additionally, the owner address of Beanstalk is 0xa9bA2C40b263843C04d344727b954A545c81D043, which is a 5-of-9 multisig documented here: https://docs.bean.money/almanac/governance/beanstalk/bcm-process.
Due to these reasons, we are closing the submission and no reward will be issued.