Report Date
May 16, 2024
Status
Closed
Payout
Unauthorized access allows to execute graphQL queries
Immunefi Response
Thank you for your submission to the Beanstalk bug bounty program. Unfortunately, after reviewing your report, Immunefi has decided to close it due to the assessed impact being out of scope.
Immunefi review:
- The claimed impact "Taking state-modifying authenticated actions (with or without blockchain state interaction) on behalf of other users without any interaction by that user, such as voting in governance" by the whitehat is in the scope of the bug bounty program, but the assessed impact doesn't match the claimed impact for the following reasons.
- Whitehat didn't provide enough information on how the described issue would lead to the claimed impact where the claims are exploited to access sensitive information, modify data, or execute arbitrary code within the context of the affected system.
- Assessed asset by the triage team is in scope for the bug bounty program.
- PoC has been submitted to the project.
Please note that the project will receive a report of the closed submission and may choose to re-open it, but they are not obligated to do so.