Access Control Bug in Beluga Protocol

Finding Details

The emergencyWithdraw function in 2 of their contracts had internal visibility. An internal function is not part of the contract's ABI: it can only be invoked from within the contract itself or from a contract that inherits from it, never by an externally sent transaction. That would have meant that no one could have called emergencyWithdraw during an actual emergency.
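The pattern described above, as an added example that is not Beluga Protocol's code: a hypothetical vault whose emergencyWithdraw is internal with no internal caller, beside a corrected version that is external and gated by an owner check. The contract names, the inlined IERC20 interface, the onlyOwner modifier and the pause gate are all assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Minimal ERC-20 surface needed here (hypothetical, inlined so the file is self-contained).
interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transfer(address to, uint256 amount) external returns (bool);
}

/// Broken shape (hypothetical): emergencyWithdraw is `internal`, so it is not
/// exported in the ABI. The owner cannot reach it with a transaction, and no
/// code inside this contract calls it, so the emergency path is dead code.
contract VaultBroken {
    address public owner;
    IERC20 public token;

    constructor(IERC20 _token) {
        owner = msg.sender;
        token = _token;
    }

    // Only callable from this contract or a contract inheriting from it.
    // With no internal caller and no child contract, this is unreachable.
    function emergencyWithdraw(address to) internal {
        token.transfer(to, token.balanceOf(address(this)));
    }
}

/// Fixed shape (hypothetical): `external` so an EOA or multisig can call it,
/// plus an explicit access check, because making the function reachable also
/// makes it attack surface. The `paused` gate is a design choice assumed here.
contract VaultFixed {
    address public owner;
    IERC20 public token;
    bool public paused;

    event EmergencyWithdraw(address indexed to, uint256 amount);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor(IERC20 _token) {
        owner = msg.sender;
        token = _token;
    }

    function pause() external onlyOwner {
        paused = true;
    }

    // Reachable by the owner, and only by the owner, once the vault is paused.
    function emergencyWithdraw(address to) external onlyOwner {
        require(paused, "pause first");
        require(to != address(0), "zero address");
        uint256 amount = token.balanceOf(address(this));
        emit EmergencyWithdraw(to, amount);
        require(token.transfer(to, amount), "transfer failed");
    }
}
```

The quickest confirmation of the broken shape is the compiled ABI: internal functions are never exported, so VaultBroken's ABI contains no emergencyWithdraw entry at all, while VaultFixed's does. When reviewing a fix like this, check both directions: that the function is now callable, and that the new visibility comes with an access check so that "anyone can rescue funds" does not become "anyone can drain funds".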


Response

I submitted 2 reports (as low-severity findings) on June 16, and the protocol closed one after a week, saying this:

[screenshot of the protocol's response]

I was kind of unsatisfied with their reasoning, so I asked for Immunefi's mediation, and they said it was a "lack of functionality" rather than a "vulnerability".


Beluga closed my other report after 27 days, saying that it was "out of scope" (which, as per my understanding, was in fact in scope).

On July 22, Immunefi informed me that the protocol had been removed from Immunefi because it ghosted whitehats and the Immunefi team.
