Report #25610

Report Date: November 12, 2023
Status: Closed
Payout:

sends funds to arbitrary user

Report Info

Report ID: #25610

Report type: Smart Contract

Has PoC? No

Target:

Impacts: Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield

Description

LibEth.refundEth() (contracts/libraries/Token/LibEth.sol, lines 16-26) sends ETH to an arbitrary user.

Unprotected call to a function sending funds to an arbitrary address.

Impact

Loss of funds.

Risk Breakdown

Difficulty to Exploit: Easy

Recommendation

Ensure that an arbitrary user cannot withdraw unauthorized funds.

Immunefi Response

Immunefi has reviewed this vulnerability report and decided to close it because it is out of scope for the Beanstalk bug bounty program.
  • claimed impact by the whitehat is in scope for the bug bounty program
  • claimed asset by the whitehat is in scope for the bug bounty program
  • PoC has not been submitted to the project
  • claimed severity is in scope for the bug bounty program

Since this bug bounty program does not require Immunefi's triaging, note that Immunefi does not:

  • check if whitehat's claims are factually correct
  • check PoC to understand the validity
  • assess the submission's severity

These activities are the project's responsibility.

The project will now be automatically subscribed and receive a report of the closed submission and can evaluate if they are interested in re-opening it. However, note that they are not under any obligation to do so.