Immunefi
Immunefi
Back to Explore
Beethoven X-logo

Beethoven X

Beethoven X aims to be a one-stop decentralized investment platform for DeFi. We leverage the best in breed DeFi protocols to offer novel decentralized investment strategies. Built on Balancer V2, Beethoven X is the first next-generation AMM protocol on Fantom and Optimism.

Fantom
Optimism
Defi
AMM
DEX
Liquid Staking
Token
Solidity
Maximum Bounty
$200,000
Live Since
16 September 2022
Last Updated
18 November 2024

  • PoC required

Submit a Bug
InformationScopeResources

Select the category you'd like to explore

Assets in Scope

Target
Type
Smart Contract - Beets Token
Added on
16 September 2022
Target
Type
Smart Contract - MasterChef
Added on
16 September 2022
Target
Type
Smart Contract - Timelock (MasterChef Owner)
Added on
16 September 2022
Target
Type
Smart Contract - BeetsBar (fBEETS)
Added on
16 September 2022
Target
Type
Smart Contract - MasterChef Operator
Added on
16 September 2022
Target
Type
Websites and Applications - Main Web App
Added on
16 September 2022
Target
Type
Websites and Applications - Backend services
Added on
16 September 2022

Impacts in Scope

Severity
Critical
Title

Direct theft of >1% of user funds, other than unclaimed yield, in excess of gas costs or swap fees

Severity
Critical
Title

Permanent freezing of >1% of total funds in excess of gas costs or swap fees

Severity
Critical
Title

Direct theft of >1% of total user funds

Severity
Critical
Title

Malicious interactions with an already-connected wallet such as modifying transaction arguments or parameters, substituting contract addresses, submitting malicious transactions

Severity
High
Title

Theft of >1% of total unclaimed yield

Severity
High
Title

Permanent freezing of >1% of total unclaimed yield

Severity
High
Title

Execute arbitrary system commands

Severity
High
Title

Domain takeover

View rewards

Out of scope

Program's Out of Scope information
  • Best practice critiques
Default Out of Scope and rules

Smart Contract specific

  • Incorrect data supplied by third party oracles
    • Not to exclude oracle manipulation/flash loan attacks
  • Impacts requiring basic economic and governance attacks (e.g. 51% attack)
  • Lack of liquidity impacts
  • Impacts from Sybil attacks
  • Impacts involving centralization risks

All categories

  • Impacts requiring attacks that the reporter has already exploited themselves, leading to damage
  • Impacts caused by attacks requiring access to leaked keys/credentials
  • Impacts caused by attacks requiring access to privileged addresses (including, but not limited to: governance and strategist contracts) without additional modifications to the privileges attributed
  • Impacts relying on attacks involving the depegging of an external stablecoin where the attacker does not directly cause the depegging due to a bug in code
  • Mentions of secrets, access tokens, API keys, private keys, etc. in Github will be considered out of scope without proof that they are in-use in production
  • Best practice recommendations
  • Feature requests
  • Impacts on test files and configuration files unless stated otherwise in the bug bounty program
  • Impacts requiring phishing or other social engineering attacks against project's employees and/or customers
Severity
Min. - Max.
Critical
$15k -$200k
High
$5k -$20k
Total Assets in Scope
7
Total Impacts in Scope
8