The scope of the program

We offer rewards for reports about security vulnerabilities in our services, infrastructure, web and mobile applications

Your research can cover: as well as subdomains
Native iOS app
Native Android app
Charting Library and Trading Terminal


Your reward will depend on the vulnerability discovered as well as its security impact. See details below.
Up to $1500
Vulnerability affects our entire service
  • Remote code execution (RCE)
  • Gaining administrator access
  • Vulnerabilities with significant impact
  • Unrestricted access to local files or databases
  • Server side request forgery (SSRF)
  • Critical information disclosure
Up to $700
Vulnerability does not require user interaction and affects many users
  • Stored Cross-Site Scripting (XSS) with significant impact
  • An authentication bypass that allows change of user data or access to private data
  • Insecure Direct Object References (IDOR)
Up to $300
Vulnerability requires user interaction or affects individual users
  • Cross-Site Scripting (XSS), except self-XSS
  • Cross-Site Request Forgery (CSRF)
  • URL redirection
  • User reputation manipulation
Note that reward amounts can be different. An actual reward may vary depending on the severity, genuineness and exploitation possibilities of bugs as well as the environment and other factors that affect the security.

Vulnerabilities in auxiliary services (e.g. wiki, blog) and in non-production environments (e.g. 'beta', 'staging', 'demo', etc.) are rewarded only if they affect our service as a whole or could lead to the leakage of sensitive user data.

You will need a PayPal ID as we use PayPal to issue rewards.

You will NOT receive a reward for the discovery of the following vulnerabilities:

  • You are not the first one to report this vulnerability;
  • Vulnerabilities in the user's software or vulnerabilities that require full access to the user's software, account(s), email, phone, etc.;
  • Vulnerabilities or leaks in third-party services;
  • Vulnerabilities in or old versions of third-party software/protocols, missing protections, as well as deviations from best practices that don't create a security threat;
  • Vulnerabilities with no substantial security impact or exploitation possibility;
  • Vulnerabilities that require the user to perform unusual actions;
  • Disclosure of public or non-sensitive information;
  • Homograph attacks;
  • Vulnerabilities that require rooted, jailbroken or modified devices and applications.


  1. You should not disclose the bug until you receive our permission. Please be patient, as reports are reviewed within two weeks and we need time to fix the bug.
  2. A bug report should include a detailed description of the discovered vulnerability, as well as the steps required to reproduce it or a working proof of concept. If you do not describe the vulnerability in detail, it may take a long time to review the report and/or your report may be rejected.
  3. You should not use automated tools and scanners to find vulnerabilities as such reports will not be reviewed.
  4. You should not perform any attack that could damage our services or data including client data. DDoS, spam, brute force attacks are not permitted.
  5. You must not involve other users without their explicit consent.
  6. You should not perform or attempt to perform non-technical attacks such as social engineering, phishing or physical attacks against our employees, users or infrastructure.
