Error in time-weighted deltaB calculation on BEAN:ETH pool
BIR-6: Instantaneous ETH/USD Price
BIC Response
After reviewing your bug report, we believe that it is in scope for our bug bounty program and the threat level is High.
Based on our bounty page, this submission's ( Smart Contract - High ) reward is capped at the lower of (a) 10% of practicable economic damage, or (b) USD 100 000, with a minimum reward of USD 10 000, to be paid in Beans. Bug reports that do not come with a PoC and code implementing a fix may qualify for a maximum of up to 30% of said reward.
The BIC determined that it is not possible to calculate the funds at risk or practicable economic damage for this issue given that it is not exploitable by a malicious actor and is only realized via ETH price changes (and excess Beans != economic damage).
However, despite the fact that this issue is not exploitable by a malicious actor, and that the report does not include lack of code implementing a fix (which is understandable given that it wasn't clear what the issue was prior to discussion with the developer of the code), the BIC has determined that this particular bug report be rewarded 10,000 Beans.