@unmistakencorpse
Yes, there are commercial code scanners that are designed to find security holes. Any self respecting cybersecurity aware developer will scan their own source code with one. At most companies, it is a requirement before releasing your code to the public.
I'd be surprised if IMVU inc / Together Labs scan their code before release.
Most of the security holes such a program finds though ... would not be for credits. I'd be surprised if it found any for credits. More likely ... you'd find injection points and crash codes, stupid destructive shit.