Graphql DOS on the endpoint
BIR-9: Beanstalk Subgraph Mitigatable DoS
BIC Response
After reviewing your bug report, we believe that it is in scope for our bug bounty program and the threat level is High.
Based on our bounty page, this submission's ( Websites and Applications - High ) reward is based on a set of internal criteria established by the BIC (with a minimum reward of USD 1 000), primarily taking into account the exploitability of the bug, the impact it causes and likelihood of the vulnerability presenting itself.
The BIC determined that the impact of this issue is low given the minimal temporary downtime that would be caused by an attack. The report also describes a DDoS attack on the Beanstalk subgraph, not the UI hosted at app.bean.money, which can partially function without the subgraph. For these reasons, the BIC has determined that this bug report be rewarded 1,000 Beans.