# Access Control Bug in Beluga Protocol

**Published by:** [sayan](https://paragraph.com/@sayan-2/)
**Published on:** 2023-07-23
**URL:** https://paragraph.com/@sayan-2/access-control-bug-in-beluga-protocol

## Content

Finding DetailsThe emergencyWithdraw function in 2 of their contracts had internal visibility , which would mean that no one could’ve called the emergencyWithdraw function during the situation of emergency.ResponseI submitted 2 reports(as low severity findings) on June 16 and the Protocol closed one after a week saying thiswas kinda unsatisfied with their reasoning,so I asked for Immunefi’s mitigation and they said it was “lack of functionality” rather than a “vulnerability” .Beluga closed my another report after 27 days saying that it was “out of scope”(which ,as per my understanding ,was in fact in scope). On July 22 Immunefi informed that the Protocol is removed from Immunefi because it ghosted whitehats and the Immunefi team.

## Publication Information

- [sayan](https://paragraph.com/@sayan-2/): Publication homepage
- [All Posts](https://paragraph.com/@sayan-2/): More posts from this publication
- [RSS Feed](https://api.paragraph.com/blogs/rss/@sayan-2): Subscribe to updates