Report #25610

sends funds to arbitrary user

Immunefi Response

Immunefi has reviewed this vulnerability report and decided to close since being out of scope for Beanstalk bug bounty program.

• claimed impact by the whitehat is in scope for the bug bounty program
• claimed asset by the whitehat is in scope for the bug bounty program
• PoC has not been submitted to the project
• claimed severity is in scope for the bug bounty program

Since this bug bounty program does not require Immunefi's triaging, note that Immunefi does not:

• check if whitehat's claims are factually correct
• check PoC to understand the validity
• assess the submission's severity

These activities are the project's responsibility.

The project will now be automatically subscribed and receive a report of the closed submission and can evaluate if they are interested in re-opening it. However, note that they are not under any obligation to do so.