diff --git a/certora/mutations/033_withdrawByRecipient_auth_bypass.patch b/certora/mutations/033_withdrawByRecipient_auth_bypass.patch
new file mode 100644
index 0000000..0fcfd7f
--- /dev/null
+++ b/certora/mutations/033_withdrawByRecipient_auth_bypass.patch
@@ -0,0 +1,13 @@
+diff --git a/contracts/Vault.sol b/contracts/Vault.sol
+index 8433a08..e7e012d 100644
+--- a/contracts/Vault.sol
++++ b/contracts/Vault.sol
+@@ -236,7 +236,7 @@ contract Vault is VaultBase, Pausable, Ownable {
+     AccountId accountId
+   ) public {
+     (address holder, ) = Accounts.decodeId(accountId);
+-    require(msg.sender == holder, VaultOnlyAccountHolder());
++    // require(msg.sender == holder, VaultOnlyAccountHolder());
+     _withdraw(controller, fund, accountId);
+   }
+