Report Date
August 13, 2024
Status
Closed
Payout
Critical Vulnerability in Pipeline Contract: Direct Theft of Funds
‣
Immunefi Response
Unfortunately, after reviewing your report, Immunefi has decided to close it due to the assessed impact being out of scope.Immunefi review:
- The claimed impact "Direct theft of any user funds, whether at-rest or in-motion, other than unclaimed yield" by the whitehat
is in scopeof the bug bounty program but the assessed impact doesn't match with the claimed impact for the following reasons.
- https://etherscan.io/address/0xb1bE0000C6B3C62749b5F0c92480146452D15423#code#F12#L8: As per the comment, the reported issue is an expected behavior and no evidence has been provided to demonstrate how it could lead to direct theft of funds within the context of the Beanstalk protocol contracts.
- assessed asset by the triage team
is in scopefor the bug bounty program- PoC
hasbeen submitted to the projectPlease note that the project will receive a report of the closed submission and may choose to re-open it, but they are not obligated to do so.