sends funds to an arbitrary user
Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield
LibEth.refundEth() (contracts/libraries/Token/LibEth.sol, lines 16-26) sends ETH to an arbitrary user
Unprotected call to a function that sends funds to an arbitrary address.
loss of funds
Difficulty to Exploit: Easy
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Immunefi has reviewed this vulnerability report and decided to close it, since it is out of scope for the Beanstalk bug bounty program.
- claimed impact by the whitehat is in scope for the bug bounty program
- claimed asset by the whitehat is in scope for the bug bounty program
- has not been submitted to the project
- claimed severity is in scope for the bug bounty program
Since this bug bounty program does not require Immunefi's triaging, note that Immunefi does not:
- check if whitehat's claims are factually correct
- check the PoC to understand its validity
- assess the submission's severity
These activities are the project's responsibility.
The project will now be automatically subscribed and will receive a report of the closed submission, and can evaluate whether they are interested in re-opening it. However, note that they are not under any obligation to do so.