So I submitted three bugs awhile ago and so far I got paid for one of them which is $750, and the others are both authentication bypasses. So for the 2nd one, (auth bypass) I get this back: "Thank you for participating in the PayPal Bug Bounty Program. We regret to inform you that your bug submission was not eligible for a bounty. We have determined that your bug submission is invalid for the following reason: Your submission relies on social engineering which is out of scope for PayPal's Bug Bounty Program. Title: Authentication Bypass" They called it Social Engineering because I listed it as a USE of what you could do with it. Now they're trying to dodge it calling it invalid and that they don't support it.