[WUHANCLAN]

HackerOne can force their customers to pay, that's the entire point of their "guaranteed bounty" program, that's it's a guaranteed bounty!

Even with a guaranteed bounty and a critical security vulnerability, HackerOne will punt the entire thing to one of their Portswigger groupies for collection and then won't disclose the details about the discovered flaw that supposedly they found prior to your submission.

Those guys are terrible, worthless product offering unless you are one of their clients getting free penetration testing and vulnerability analysis services.