Description

Moralis is a blockchain technology platform providing developers with backend infrastructure for building and scaling decentralized applications (dapps). This page is a safe channel for responsibly reporting bugs you have found. All contributions are highly appreciated.

Bounties

This is a responsible disclosure program without bounties.

Rules of engagement
Not applicable

By participating in this program, you agree to:

  • Respect the Community Code of Conduct
  • Respect the Intigriti Terms and Conditions
  • Respect the scope of the program
  • Not discuss or disclose vulnerability information without prior written consent (including PoCs on YouTube and Vimeo)

Domains

  • *.bigmoralis.com (URL): No bounty
  • *.grandmoralis.com (URL): No bounty
  • *.moralis-internal.io (URL): No bounty
  • *.moralis-streams.com (URL): No bounty
  • *.moralis.io (URL): No bounty
  • *.moralisapp.com (URL): No bounty
  • *.moralishost.com (URL): No bounty
  • *.moralismoney.com (URL): No bounty
  • *.moralisweb3.com (URL): No bounty
  • *.usemoralis.com (URL): No bounty
  • academy.moralis.io (URL): Out of scope
  • docs.moralis.io (URL): Out of scope
  • forum.moralis.io (URL): Out of scope
  • merch.moralis.io (URL): Out of scope
  • roadmap.moralis.io (URL): Out of scope
  • status.moralis.io (URL): Out of scope
  • studygroup.moralis.io (URL): Out of scope
  • talent.moralis.io (URL): Out of scope

In scope

We at Moralis are fully committed to ensuring the highest security for our clients and partners. Working together with the security research community is an important part of our mission to ensure the security of our services. If you have information about a vulnerability in a Moralis website or web application, we want to hear from you!

This Vulnerability Disclosure Form is a safe channel where you can share your findings in case you have discovered a critical vulnerability.

Out of scope

Application

  • Session not expiring after password reset
  • Weak password policy

Severity assessment

This program follows Intigriti's contextual CVSS standard

FAQ

Where can we get credentials for the app?

You can self-register at https://moralis.io. Please use your intigriti.me account.

Can I get a paying account?

No, in this VDP we are not providing paying accounts.

Last 90 day response times

  • Avg. time to first response: < 2 days
  • Avg. time to decide: < 2 days
  • Avg. time to triage: < 2 days

Activity

  • 11/29: Moralis closed a submission
  • 11/28: Moralis closed a submission
  • 11/28: Moralis accepted a submission
  • 11/27: a researcher created a submission
  • 11/27: a researcher created a submission
  • 11/26: a researcher created a submission
  • 11/24: Moralis changed the domains
  • 11/24: Moralis changed the domains
  • 11/23: Moralis changed the out of scope
  • 11/23: Moralis changed the domains