Report Date
November 23, 2023
Status
Closed
Payout
Attacker Can Drain all Excess Tokens In the Well contract Repeatedly
‣
BIC Response
This is not a valid bug report because it describes expected behavior. As explained in the PoC:
Step a- A User named bob sends tokens directly to the well contract or the beanstalk protocol itself directly transfers large volumes of tokens to the well contract by error.
It is intended functionality that skim
 can remove excess tokens sent to the Well.
Due to these reasons, we are closing the submission and no reward will be issued.