Build your kingdom. We’ll secure it.

Traders come to The Funded Trader to build their kingdom. That’s why we invest in leading technology and data security infrastructure, protocols, and programs to ensure their kingdoms are as secure as possible. Each year, we conduct a full-scale penetration test and vulnerability scan that catches potential security vulnerabilities. We also offer a Vulnerability Disclosure Program where we empower our community to submit any potential security issues we may have missed and receive a possible bounty reward in exchange. Learn more about our Vulnerability Disclosure Program below.

Report a Security Vulnerability

Vulnerability Disclosure Guidelines

The Funded Trader is a rapidly growing and security-driven company. We believe in delivering our simulated trading technology with the least risk and threat associated with each public-facing TFT resource/service.

If you are interested in finding technical application and workflow issues that can be exploited, we appreciate your help. We recommend submitting such issues as soon as possible.

Our team will investigate the security reports and resolve the issue within a reasonable time frame. We offer a monetary bounty for legitimate security reports based on their severity, complexity, and impact via the BugCrowd platform as a token of appreciation.

Guidelines

  • Adherence to TFT’s Disclosure Policy
  • Provide necessary assistance to Branch to replicate the issue and mitigate relevant security issues.
  • Automated tool’s vulnerability reports are not accepted as a valid submission
  • Intensive automated scans must not negatively impact any or all of TFT’s services availability.
  • Automated vulnerability scanning tools or scanned reports are prohibited.
  • In the case of duplicate reports, the first report would be considered a valid submission.
    • Do not intentionally harm the experience or usefulness of the service to others, including degradation of services and denial of service attacks.
    • Do not attempt to view, modify, or damage data belonging to others.
    • Do not disclose the reported vulnerability to others until we’ve had reasonable time to address it.
    • Do not attempt to gain access to another users account or data.
    • Do not attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.

Scope for TFT’s Bug Bounty Program

Breach of our program’s terms

The expectation is to respect all the terms and conditions of The Funded Trader’s Bug Bounty Program. Non-adherence or non-compliance will lead to disqualification. A serious breach may also lead to suspension of the account and existing access controls.