Report Date: September 14, 2023
Status: Closed
Payout:
Weak access control in function claimFertilized leads to theft of unclaimed yield.
BIC Response
This is not a valid bug report, as the POC does not showcase anything relevant. It is not proof of an issue that the attacker has a large Ether balance after calling claimFertilized. The claimFertilized function does not transfer any Ether (just Beans), so it's unclear why this evidence is used as a valid POC.

The recommended solution is simply to replace all instances of msg.sender with a new user argument that is validated to be the same as msg.sender, so it's unclear how this change would make a difference.
Due to these reasons, we are closing the submission and no reward will be issued.