Flame.Exchange official feedback & review thread

[AtomicLemon_]

Reply with feedback, reviews, comments, or anything you want to write about Flame.Exchange

[mk4]

1. I don't like committing domain discrimination knowing how hard it is to get decent .com domains, but having an exchange domain "flame.exchange" is a red flag for me.
2. While I do love exchanges without KYC, straight-off advertising your exchange with "Trade freely and anonymously without the imposition of KYC" is something else. It's either it's a scam, or it's an unregistered business. Regardless, a red flag.
3. You don't even have an "about" page.

While I'm not saying that this is 100% a scam, I wouldn't touch it.

One good thing I can say though, is that I sort of like the UI.

[Potato Chips]

4. Lack of user reviews despite being in business since 2018
5. Copied TOS from binance (https://archive.is/Rf97Y | Binance's)
6. I'm not sure if they're on maintenance or sth but I'm only seeing one trading pair... it took me a few tries to access the website, it kept giving '404 page not found'
7. No privacy policy (or missing?)

🚶‍♂️

[BitMaxz]

Additional from the above posts.
You are using 3rd party CMS which is not safe for the exchange site.

Here's the other information:

Code:

CMS: Express
Build with: Node.js

Security Headers
Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors 'none'.

Missing security header to prevent Content-Type sniffing.

Missing Strict-Transport-Security security header.

Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src

You will need to fix these security issues.


You don't even have FAQ and Support.

Well, I think this website still in beta testing? And you are looking for real people to test your website?

Another info:
Your website is connected to another website that uses the same IP.

Code:

batterymonster.com
cbcnewspaper.com
flame.exchange
panasonic.factoryoutletstore.com
when.com
www.jetsgearonline.com
www.kingwoodonline.com
www.oncompetitionpolicy.com
www.refresharts.com

So it means you are not using a dedicated IP(Cloudflare DNS).

And you are using free universal SSL from Cloudflare

Code:

Common name: sni.cloudflaressl.com
SANs: *.flame.exchange, sni.cloudflaressl.com, flame.exchange
Organization: Cloudflare, Inc.
Location: San Francisco, CA, US
Valid from October 25, 2019 to October 9, 2020
Serial Number: 068f197f80ea53d8b1cc70f9715c90a0
Signature Algorithm: ecdsa-with-SHA256
Issuer: CloudFlare Inc ECC CA-2	
	 
Common name: CloudFlare Inc ECC CA-2
Organization: CloudFlare, Inc.
Location: San Francisco, CA, US
Valid from October 14, 2015 to October 9, 2020
Serial Number: 0ff3e61639aa3d1a1265f41f8b34e5b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: Baltimore CyberTrust Root

[AtomicLemon_]

1. I don't like committing domain discrimination knowing how hard it is to get decent .com domains, but having an exchange domain "flame.exchange" is a red flag for me.
2. While I do love exchanges without KYC, straight-off advertising your exchange with "Trade freely and anonymously without the imposition of KYC" is something else. It's either it's a scam, or it's an unregistered business. Regardless, a red flag.
3. You don't even have an "about" page.

While I'm not saying that this is 100% a scam, I wouldn't touch it.

One good thing I can say though, is that I sort of like the UI.

4. Lack of user reviews despite being in business since 2018
5. Copied TOS from binance (https://archive.is/Rf97Y | Binance's)
6. I'm not sure if they're on maintenance or sth but I'm only seeing one trading pair... it took me a few tries to access the website, it kept giving '404 page not found'
7. No privacy policy (or missing?)

🚶‍♂️

Additional from the above posts.
You are using 3rd party CMS which is not safe for the exchange site.

Here's the other information:

Code:

CMS: Express
Build with: Node.js

Security Headers
Missing security header for ClickJacking Protection. Alternatively, you can use Content-Security-Policy: frame-ancestors 'none'.

Missing security header to prevent Content-Type sniffing.

Missing Strict-Transport-Security security header.

Missing Content-Security-Policy directive. We recommend to add the following CSP directives (you can use default-src if all values are the same): script-src, object-src, base-uri, frame-src

You will need to fix these security issues.


You don't even have FAQ and Support.

Well, I think this website still in beta testing? And you are looking for real people to test your website?

Another info:
Your website is connected to another website that uses the same IP.

Code:

batterymonster.com
cbcnewspaper.com
flame.exchange
panasonic.factoryoutletstore.com
when.com
www.jetsgearonline.com
www.kingwoodonline.com
www.oncompetitionpolicy.com
www.refresharts.com

So it means you are not using a dedicated IP(Cloudflare DNS).

And you are using free universal SSL from Cloudflare

Code:

Common name: sni.cloudflaressl.com
SANs: *.flame.exchange, sni.cloudflaressl.com, flame.exchange
Organization: Cloudflare, Inc.
Location: San Francisco, CA, US
Valid from October 25, 2019 to October 9, 2020
Serial Number: 068f197f80ea53d8b1cc70f9715c90a0
Signature Algorithm: ecdsa-with-SHA256
Issuer: CloudFlare Inc ECC CA-2	
	 
Common name: CloudFlare Inc ECC CA-2
Organization: CloudFlare, Inc.
Location: San Francisco, CA, US
Valid from October 14, 2015 to October 9, 2020
Serial Number: 0ff3e61639aa3d1a1265f41f8b34e5b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: Baltimore CyberTrust Root

We haven't actually launched yet, I just started this topic for when we actually launch

3. The site isn't fully completed yet
6. The site isn't fully completed yet
7. The site isn't fully completed yet
BitMaxz's comment: We actually haven't launched, and we haven't upgraded CloudFlare yet. About the 3rd-party CMS.. 'Express' Is not a CMS, it's a Web-Application-Framework for Node.JS (You can find out more by simply googling 'express nodejs')

[mk4]

We haven't actually launched yet, I just started this topic for when we actually launch

If that's the case, you probably should've made it clear to start with lol.

Also, your exchange hasn't launched yet but you're already accepting registrations. In such an early stage, It'd probably be best that your registration should be disabled temporarily and instead have a sort of "email me when the exchange is ready to use" newsletter instead; just like how most if not all new exchanges do it.

[Csmiami]

It'd probably be best that your registration should be disabled temporarily and instead have a sort of "email me when the exchange is ready to use" newsletter instead; just like how most if not all new exchanges do it.

I don't fully agree with you there. Allowing registration of users that know the exchange is still a WIP could help find early bugs and errors prior to an official launch. Still, they could simply use some kind of "closed testing" instead of allowing anyone to join freely.

[AtomicLemon_]

It'd probably be best that your registration should be disabled temporarily and instead have a sort of "email me when the exchange is ready to use" newsletter instead; just like how most if not all new exchanges do it.

Also, your exchange hasn't launched yet but you're already accepting registrations. In such an early stage, It'd probably be best that your registration should be disabled temporarily and instead have a sort of "email me when the exchange is ready to use" newsletter instead; just like how most if not all new exchanges do it.
I don't fully agree with you there. Allowing registration of users that know the exchange is still a WIP could help find early bugs and errors prior to an official launch. Still, they could simply use some kind of "closed testing" instead of allowing anyone to join freely.

This is the case

I have a few bug testers/beta testers exploring the site to make sure everything is working as it should.

But I am very grateful for all the pre-release feedback I ended up getting, thanks guys 


I will probably just start a new thread for our feedback/reviews as this one wasn't meant to be posted on yet

[hugeblack]

I respect that you are looking to get some pre-release feedback, but if a lot of the basic things are not available then there is no point in reviewing.
The design looks good and simple, but the advantages provided by the platform can be found on all platforms, what are the unique things that your platform provides?
The way to contact the support team seems strange? Communication via telegram is not a good way as I do not find any email for the platform.
Interacting with social media does not include many ongoing updates. What have you done since 2018?

[AtomicLemon_]

I respect that you are looking to get some pre-release feedback, but if a lot of the basic things are not available then there is no point in reviewing.
The design looks good and simple, but the advantages provided by the platform can be found on all platforms, what are the unique things that your platform provides?
The way to contact the support team seems strange? Communication via telegram is not a good way as I do not find any email for the platform.
Interacting with social media does not include many ongoing updates. What have you done since 2018?

Thanks for the feedback, you are very right about the strange support system, we are still working on it. We do have a ticket system you can use here: https://www.flame.exchange/support

And about the email, I will add it now 

We originaly did have an exchange in 2018, but we decided to take it down and work on a more faster, secure and reliable peice of software because we didn't fully believe that it was acting up to scratch.

[SFR10]

Reply with feedback, reviews, comments, or anything you want to write about Flame.Exchange

1. Choosing a different language doesn't translate the whole website, only very few words are converted...
2. Can you explain a bit further about the "security" and "low fees" parts of your exchange ^{[apart from their descriptions]}?
3. Since you mentioned "PROFESSIONAL TEAM", Can we know who are the members behind this exchange?

[gullu]

In this all comments, I think only BitMaxz comments are technical and serious comments and the other comments can be solved very easily by the team.

[coupable]

Reply with feedback, reviews, comments, or anything you want to write about Flame.Exchange

- This topic was created before you lunch your official ANN thread:

• Why did you create another topic asking for reviews/feedbacks?
• Why don't you post the ANN thread in the "Exchanges" board as you have tokens traded for btc in the exchange? I think it's allowed by forum policy to keep the old one in the Altcoin board.

- Accept listing tokens for free is not a professional move and users won't trust you if you don't describe an honnest way of how you accept token to be listed in your exchange. 🔥FREE Coin Listing!🔥 - Flame.Exchange