Report #34271

Delegatecall Vulnerability in Fallback Function Leads to Arbitrary Code Execution

Immunefi Response

Unfortunately, after reviewing your report, Immunefi has decided to close it due to the assessed impact being out of scope.

Immunefi review:

• The claimed impact "Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield" by the whitehat is in scope of the bug bounty program but the assessed impact doesn't match with the claimed impact for the following reasons.
• If an attacker can register a malicious facet..
• No evidence has been provided to show how an attacker can introduce a malicious facet.
• assessed asset by the triage team is in scope for the bug bounty program
• PoC has not been submitted to the project

Please note that the project will receive a report of the closed submission and may choose to re-open it, but they are not obligated to do so.