Description

Moralis is a blockchain technology platform providing developers with backend infrastructure for building and scaling decentralized applications (dapps). This page is a safe channel for responsibly reporting bugs you have found. All contributions are highly appreciated.

Bounties

This is a responsible disclosure program without bounties.

Rules of engagement
Required
Not applicable
Not applicable
Not applicable

By participating in this program, you agree to:

  • Respect the Community Code of Conduct
  • Respect the Intigriti Terms and Conditions
  • Respect the scope of the program
  • Not discuss or disclose vulnerability information without prior written consent (including PoCs on YouTube and Vimeo)

Domains

*.bigmoralis.com

No bounty
Wildcard

*.grandmoralis.com

No bounty
Wildcard

*.moralis-internal.io

No bounty
Wildcard

*.moralis-streams.com

No bounty
Wildcard

*.moralis.io

No bounty
Wildcard

*.moralisapp.com

No bounty
Wildcard

*.moralishost.com

No bounty
Wildcard

*.moralismoney.com

No bounty
Wildcard

*.moralisweb3.com

No bounty
Wildcard

*.usemoralis.com

No bounty
Wildcard

In scope

We at Moralis are fully committed to ensuring the highest security for our clients and partners. Working together with the security research community is an important part of our mission to ensure the security of our services. If you have information about a vulnerability in a Moralis website or web application, we want to hear from you!

This Vulnerability Disclosure Form is a safe channel where you can share your findings in case you have discovered a critical vulnerability.

Feedback
If you would like to help us improve our program or have feedback to share, please send your anonymous feedback here:
Program feedback link
Please note this form will be checked periodically and should not be used for submission or support queries.

Out of scope

Application

  • Session not expiring after password reset
  • Weak password policy
  • API key disclosure without proven business impact

Severity assessment

This program follows Intigriti's contextual CVSS standard

FAQ

Where can we get credentials for the app?

You can self-register at https://moralis.io. Please use your intigriti.me account.

Can I get a paying account?

No, in this VDP we are not providing paying accounts.


Last 90 day response times

  • avg. time first response: < 24 hours
  • avg. time to decide: < 4 days
  • avg. time to triage: < 2 days

Activity

  • 10/26: Moralis accepted a submission
  • 10/23: Moralis closed a submission
  • 10/21: Moralis accepted a submission
  • 10/20: nanobyt3 created a submission
  • 10/19: kabi_777 created a submission
  • 10/15: ethic_yuki created a submission
  • 10/11: Moralis accepted a submission
  • 10/7: Moralis closed a submission
  • 10/7: pikafou created a submission
  • 10/6: kabi_777 created a submission