Rate limit bug
Attackers can replay the mail send request on Email (customer registrations) to generate the emails multiple times to any valid email ID. Absence of rate limits can lead to the attacker flooding the application with spurious requests.
Implement backend verification/input validation to ensure rate limits on critical functions such as notification mechanisms like Email or OTPs (as applicable).
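One way to enforce the recommended backend rate limit on registration emails, as an added example that is not part of the original report or the vendor's code. The class names, the limits (3 mails per recipient and 10 requests per client per hour) and the returned status codes are assumptions.

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per key within `window` seconds."""

    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self.events = defaultdict(deque)  # key -> timestamps of accepted events

    def allow(self, key):
        now = self.clock()
        q = self.events[key]
        while q and now - q[0] >= self.window:  # drop events outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


class RegistrationMailer:
    """Server-side gate in front of the mail-send call (limits are assumed values)."""

    def __init__(self, send, clock=time.monotonic):
        self.send = send
        # Per recipient: stops one mailbox being flooded, whatever the source.
        self.per_recipient = SlidingWindowLimiter(3, 3600, clock)
        # Per client: stops one source replaying the request for many recipients.
        self.per_client = SlidingWindowLimiter(10, 3600, clock)

    def request(self, client_ip, email):
        recipient = email.strip().lower()  # case variants share one bucket
        # Client check runs first so a throttled client cannot use up the
        # recipient's quota and block legitimate mail to that address.
        if not self.per_client.allow(client_ip):
            return 429
        if not self.per_recipient.allow(recipient):
            return 429
        self.send(recipient)
        return 202
```

The counters here live in process memory; a deployment with several application servers would need a shared store with key expiry so every server sees the same counts.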
Our bug bounty program is detailed on our blog:
Do be sure to read the scope rules.