Report Date
May 4, 2024
Status
Closed
Payout
An API key is being leaked through a JavaScript file hosted on app.bean.money, allowing unauthorized access to company resources via the Snapshot API documentation.
‣
Immunefi Response
Immunefi has reviewed this vulnerability report and decided to close since being out of scope for Beanstalk bug bounty program.
- claimed impact by the whitehatÂ
is not in scope for the bug bounty program- claimed asset by the whitehat is in scope for the bug bounty program
- PoC has been submitted to the project
- claimed severity is in scope for the bug bounty program
The project will now be automatically subscribed and receive a report of the closed submission and can evaluate if they are interested in re-opening it. However, note that they are not under any obligation to do so.