We are running a Bug Hunter Program for our platform, and all users are eligible to participate! This program encourages users, engineers, developers, and penetration testers to spot and identify technical or security bugs. Help us make Valora safer and more reliable while earning rewards!
We're looking for bugs that affect platform functionality, performance, and user experience:
| Type of Issue | Description | Example / Impact |
|---|---|---|
| System Downtime / Outages | Platform crashes or servers go offline, preventing trades | Users can't place or close trades during volatility β potential financial loss |
| Latency / Slow Execution | Orders take too long to execute | A trader submits a buy order but it executes late at a worse price (slippage) |
| Software Bugs / Glitches | Errors in code cause inaccurate data or order malfunctions | Chart data doesn't match real prices, or wrong position size executed |
| API Failures | External trading bots or integrations stop working properly | Algorithmic trading bots fail to execute strategies correctly |
| Data Feed Errors | Incorrect or delayed market data | Traders make decisions based on outdated prices |
| Mobile App Instability | Mobile platform freezes or disconnects | Missed trading opportunities during travel |
| Scalability Problems | Platform can't handle sudden spikes in traffic | During major market events, the system lags or freezes |
Security is our top priority. We're looking for vulnerabilities that could compromise user data or platform integrity:
| Type of Issue | Description | Example / Impact |
|---|---|---|
| Account Hacking / Credential Theft | Attackers gain access to user accounts | Funds stolen or unauthorized trades made |
| Phishing Attacks | Fake emails or websites trick users into sharing login info | User gives credentials to a fraudulent site |
| Data Breaches | Sensitive user or financial data exposed | Personal information or trading history leaked |
| DDoS Attacks | Attackers overload servers with traffic | Platform becomes unavailable to users |
| Malware / Keyloggers | Malicious software steals data or controls systems | User's login or wallet details captured |
| Insider Threats | Employees misuse access privileges | Data manipulation, insider trading, or theft |
| Weak Authentication / Poor Encryption | Platform doesn't enforce strong security protocols | Easier for hackers to intercept credentials |
| Smart Contract / API Exploits | Vulnerabilities in code allow manipulation of trades or withdrawals | Attackers drain funds from liquidity pools or wallets |
If you are an Ethical Hacker or a Security Penetration Tester and you want to conduct security testing on our platform, you must inform us beforehand so we can grant you permission. Otherwise, that will be considered illegal, and the attempt will be flagged as malicious by our Intrusion Detection System. Law enforcement will get involved in such cases.
The identified bug, whether a technical or security issue, must be well documented outlining:
After identifying a bug or security threat, you need to send us a query through our Help Page. After processing your request and verifying if the actual bug or security threat exists, we will accept or deny your application.
Note: Denial will be based on our staff involved in the category of the identified issue:
If they decide that your submitted request of the identified issue doesn't exist or is misrepresented, the request will be denied.
Whether it was accidental or not, our Bug Hunter Program grants an equal opportunity for everyone! You will still be rewarded after we process your application and verify the bug. We appreciate all contributions to making Valora better and safer.
Have questions? Contact us through the Help page