Malicious users can delete plots from other users if they have `podOrder.minFillAmount == 0`
BIR-16: Plot Deletion
BIC Response
It appears there are two open Pod Orders with a `minFillAmount` of 0. One of the orders is not vulnerable because they do not have any Plots before the order's `maxPlaceInLine`. However, the other order has about 80k Pods.
We have changed the severity of the report to Medium as the most accurate impact in scope to describe this issue would be Griefing (e.g. no profit motive for an attacker, but damage to the users or the protocol). This is because the attacker has nothing to gain by doing this, and furthermore Pods are simply illiquid value in contract storage—any "attack" could easily be reversed.
Given the exploitability of the issue, the BIC has determined that this bug report be rewarded the maximum reward for Medium severity reports of 10k Beans.