How to gain ranking points?
As an Hunter, when you submit a vulnerability report to YesWeHack Bug Bounty Programs and it is validated, you earn ranking points based on the severity of the issue and the applicable reward grid.
The YesWeHack ranking point system is based on three aspects:
Report status:
+7 points for accepted + resolved report
+1 to +12 points for duplicate report (25% of the original report's points)
-3 to -10 points for (recurring) invalid reports
-1 for ‘Need More Information’ status
Reward:
+5 to +50 points depending on report's severity and reward amount
ℹ️ Learn more about how reward-based points are calculated in the next section.
Report quality:
+1 point for correct CVSS scoring
+1 to +5 points for PoC clarity, additional details, screenshots, etc.
The more valid bugs you submit, the more points your will gain.
The more severe your findings are, the more points you will earn.
The more detailed and precise your reports are, the more points you will be awarded.
To access the leaderboard:
Go to “Ranking”
Focus on reward-based points
Ranking points are also awarded when a reward is paid, depending on the reward amount and the applicable reward grid for this scope.
Let's take the following reward grid as an example:
In this case, points will be calculated as follows:
Bounty <= 100 € (Low) = 5 points
100 < Bounty <= 500 (Medium) = 5 + 10x(bounty²/500²) points -- i.e. 5 to 15 points
500 < Bounty <= 1500 (High) = 15 + 15x(bounty²/1500²) points -- i.e. 15 to 30 points
Bounty > 1500 (Critical) = 50 points