Report #24860

Report Date
October 13, 2023
Status
Closed
Payout

attacker will steal funds

Report Info

Report ID

#24860

Report type

Smart Contract

Has PoC?

Yes

Target

https://etherscan.io/address/0xBA510e11eEb387fad877812108a3406CA3f43a4B

Impacts

Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield

Description

Bug Description: smart contract will permanently lose funds

Impact: loss of funds

Proof of concept

Step 1: Call the skim function of the smart contract; the function will execute without permission. Parameter 1: recipient, the address to send funds to.

Code:

const { expect } = require("chai");
const { hexlify } = require("ethers/lib/utils");
const { ethers } = require("hardhat");

BIC Response

This is not a valid bug report because this is intended use of the skim function and it's unclear what the reported vulnerability is intended to be. skim will only transfer excess tokens held by the Well to the recipient address.

Due to these reasons, we are closing the submission and no reward will be issued.
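
The behaviour described in the BIC response, as an added example that is not part of the report or the project's own code: a simplified JavaScript model which assumes that "excess" means the pool's token balance minus its recorded reserve. `WellModel`, its methods, the token names and the amounts are hypothetical and constructed for illustration.

```javascript
// Simplified model of a Well-style pool (constructed; not the deployed contract's code).
// Assumption: "excess" = tokens held by the pool minus the reserve it has recorded.
class WellModel {
  constructor(tokens) {
    this.tokens = tokens;
    this.reserves = Object.fromEntries(tokens.map((t) => [t, 0n]));
    this.balances = Object.fromEntries(tokens.map((t) => [t, 0n])); // held by the pool
    this.wallets = {}; // recipient -> token -> amount received
  }

  // Liquidity deposit: balance and recorded reserve grow together.
  addLiquidity(amounts) {
    for (const t of this.tokens) {
      this.balances[t] += amounts[t];
      this.reserves[t] += amounts[t];
    }
  }

  // Plain token transfer to the pool address: balance grows, reserve does not.
  directTransfer(token, amount) {
    this.balances[token] += amount;
  }

  // Permissionless: any caller, any recipient. Only (balance - reserve) moves.
  skim(recipient) {
    const skimmed = {};
    const wallet = (this.wallets[recipient] = this.wallets[recipient] || {});
    for (const t of this.tokens) {
      const excess = this.balances[t] - this.reserves[t];
      if (excess < 0n) throw new Error(`balance below reserve for ${t}`);
      skimmed[t] = excess;
      this.balances[t] -= excess;
      wallet[t] = (wallet[t] || 0n) + excess;
    }
    return skimmed;
  }
}

function demo() {
  const well = new WellModel(["TOKEN_A", "TOKEN_B"]);
  well.addLiquidity({ TOKEN_A: 1000n, TOKEN_B: 5n }); // constructed amounts
  const first = well.skim("caller"); // no excess yet, so nothing moves
  well.directTransfer("TOKEN_A", 40n); // tokens sent outside addLiquidity
  const second = well.skim("caller"); // only the 40 in excess moves
  return { first, second, reserves: { ...well.reserves }, balances: { ...well.balances } };
}
```

In this model the recorded reserves are identical before and after each `skim` call, which is the property to check when triaging a report of this kind.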