What's Hunter collaboration?
Hunters can collaborate on a report to dig deeper, extend the impact of found vulnerabilities, and share rewards accordingly.
How does it work?
Ask for help and collaborate on a specific program
Invite up to 5 hunters as collaborators
Define bounty values for each collaborator (i.e. what share of the bounty will one get)
Hunt as a team
Share rewards
ℹ️ Don’t forget to ask other Hunters before inviting them to a program!
To add collaborators on a public program report:
Submit a report and open it
Click on “Collaborators”
Fill out the “Username” and the “Bounty value”
Click on “Send”
⚠️ The collaborator must have completed the Strong Customer Authentication (SCA) to be invited on a report.
Collaboration on private programs
ℹ️ Collaboration on private programs is possible if all hunters are already invited on the program.
⚠️ Private program's names are not public information
Use the Collaboration ID to find your peers if you are looking for collaborators on a private program.
Use case example
Context: Hun73r has been going in circles on a particular program. He has found something intriguing but needs a second pair of eyes to confirm and investigate further.
Make sure that the program accepts Hunter Collaboration:
ℹ️ Each private program with hunter collaboration enabled has a unique “Collaboration ID” that you can directly share (e.g., on Twitter/X) to ask for help.
Retrieve the Collaboration ID in the “Hunters Collaboration” section of the program
Send this ID to potential collaborators.
ℹ️ How to check if you can participate to a private program?
Click on the URL https://yeswehack.com/programs/{Collaboration-ID}. You will be re directed to the program page if you are invited to it.
OR
Search for the Collaboration-ID in the program list while authenticated. There will be a result if you are invited to this program.
Reporting Vulnerabilities
Once your report has been submitted:
Go to “Collaborators” at the top right menu of the report
You’ll be able to have an immediate estimation of each hunter’s share, depending on the bounty values and number of invitees.
ℹ️ The Hunter who submitted the report is the only one who can manage invitations and, eventually, revoke invited collaborators.
⚠️ Reminder
5 invites per report only - and each invite counts, even if the invite was never accepted or sent to a non-eligible user (i.e., not invited on the program)
Collaborator invites and bounty value modifications are not retroactive
Make sure to spellcheck usernames, invite your collaborators as soon as possible, and make sure they accept the invite before the report is triaged!
Rewards sharing
ℹ️ To avoid decimals, collaborators rewards are rounded down to the lower integer and the remaining €/$ are granted to the hunter who submitted the report.
/ Hunter1 - Bounty value = 10
/ Hunter2 - Bounty value = 5
/ Total Reward = 2000€
/ Reward Hunter1 = Bounty value1 / (Bounty value1 + Bounty value2) * Total Reward
/ Reward Hunter2 = Bounty value2 / (Bounty value1 + Bounty value2) * Total Reward
In this case, Hunter1 will get 1333,34€ and Hunter2 will receive 666,67€ (screenshot above)
ℹ️ If you want to retrieve the reports on which you collaborated, go to your ‘Reports’ menu and search for ‘Collaborative Reports’ in the dropdown list.