Reports in helium program: S.No Title Bounty 1 Organization Takeover $500.0 2 SSRF By adding a custom integration on console.helium.com $500.0 3 Race Condition of Transfer data Credits to Organization Leads to Add Extra free Data Credits to the Organization $250.0 4 Organization Takeover via invitation API $100.0 5 Hyperlink Injection on Email Invitation $50.0 6 Cleartext Transmission of Sensitive Information Leads to administrator access $0.0 7 unpermitted user can change the device name of admin account $0.0 8 Read-only user can delete higher privileged members using open DELETE /api/memberships/ endpoint $0.0 9 HTTP request Smuggling $0.0 10 Read-Only user can delete users $0.0 11 Account takeover w/o interaction for a user that doesn't have 2fa enabled via 2fa linking and improper auth at /api/2fa/verify $0.0