Beanstalk Notion
Beanstalk Notion
/
🪲
Bug Reports
/
BIC Notes
/
📄
Report #35410
📄

Report #35410

Report Date
September 21, 2024
Status
Closed
Payout

Security Test Results Stored Insecurely

‣
Report Info

Report ID#35410

Report type

Websites and Applications

Has PoC?

Yes

Target

https://basin.exchange

Impacts

  • Wells (Basin) Audit Report in Public

Description

The results of the security test conducted by Cyfrin are being kept publicly accessible. This report, which compiles sensitive data for the company, poses a danger due to its insecure storage.

Link: https://basin.exchange/cyfrin-basin-audit.pdf

The security test has revealed important vulnerabilities, such as methods for exploiting protocols. Even if these issues have been fixed, providing a hacker with that information could lead to the vulnerabilities being escalated and re-exposed at any moment.

Proof of concept

Leaked security report results;

Issues Found
Critical Risk 0
High Risk 4
Medium Risk 2
Low Risk 3
Informational 18
Gas Optimizations 2
Total Issues 29

Immunefi Response

Immunefi has reviewed this vulnerability report and decided to close since being out of scope for Beanstalk bug bounty program.
  • claimed impact by the whitehat is not in scope for the bug bounty program
  • claimed asset by the whitehat is in scope for the bug bounty program
  • claimed severity is not in scope for the bug bounty program

The project will now be automatically subscribed and receive a report of the closed submission and can evaluate if they are interested in re-opening it. However, note that they are not under any obligation to do so.