Report Date
April 26, 2024
Status
Closed
Payout
basin.exchange is vulnerable to clickcjacking attack
‣
Immunefi Response
Thank you for your submission to the Beanstalk bug bounty program. Unfortunately, after reviewing your report, Immunefi has decided to close it due to the assessed impact being out of scope.Immunefi review:
- The claimed impact by the whitehat is in scope of the bug bounty program but the assessed impact doesn't match with the claimed impact for the following reasons.
- The described issue falls under the category of Impacts related to missing HTTP Security Headers (such as X-FRAME-OPTIONS), as the whitehat hasn't provided sufficient information on how iframing the homepage can lead to malicious transactions without the victim connecting their wallet on the attacker-controlled website.
- The assessed asset IS in scope for the bug bounty program
- PoC hasn't been submitted to the project
Please note that the project will receive a report of the closed submission and may choose to re-open it, but they are not obligated to do so.