HackerOne signal manipulation

This is one of the simplest bugs I have seen in a report: it needs no advanced technique to exploit, yet it has a real impact on the application's logic.

On January 6th, 2016, a bug bounty hunter named Ashish Padelkar published a bug in HackerOne, related to HackerOne itself.

As you know, HackerOne is a bug bounty platform, and as on every bug bounty platform, a user's reputation matters. Reputation is what gives you access to better-paying programs. On HackerOne, the programs' own security teams take part in the reporting and confirmation process, so having a good reputation is important for getting a quick response to a report.

Well, Ashish Padelkar found that if you created a report and then closed it yourself, your reputation increased. That is all there was to the bug. As you can see, it is very simple, but it was an unexpected flaw that slipped through the development process.
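The flaw described above, modelled as an added example (this is not HackerOne's code; the reputation values, outcome names and membership data are constructed). The first method awards reputation to whoever closes the report, which lets a reporter self-close for points; the second ties the award to a decision by the program's own team.

```python
# Added example (not HackerOne's code): a toy model of the report-closing logic.
# Reputation deltas, outcome names and the staff lists are all constructed.
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

# Hypothetical reputation change applied when a report is closed with an outcome.
REPUTATION_BY_OUTCOME = {"resolved": 7, "informative": 0, "not_applicable": -5}


@dataclass
class Report:
    reporter: str
    program: str
    state: str = "new"
    outcome: Optional[str] = None


@dataclass
class Platform:
    # Constructed membership data: which users belong to which program's team.
    program_staff: Dict[str, Set[str]]
    reputation: Dict[str, int] = field(default_factory=dict)

    def _award(self, user: str, delta: int) -> int:
        self.reputation[user] = self.reputation.get(user, 0) + delta
        return delta

    def close_vulnerable(self, report: Report, actor: str, outcome: str) -> int:
        """Flawed logic: the actor is never checked, so the reporter can close
        their own report as 'resolved' and collect the reputation themselves."""
        report.state, report.outcome = "closed", outcome
        return self._award(report.reporter, REPUTATION_BY_OUTCOME[outcome])

    def close_fixed(self, report: Report, actor: str, outcome: str) -> int:
        """Hardened logic: a reporter may withdraw their own report, but that
        path changes nothing; only the program's staff may set an outcome, and
        only their decision moves the reporter's reputation."""
        if actor == report.reporter:
            report.state, report.outcome = "closed_by_reporter", None
            return 0
        if actor not in self.program_staff.get(report.program, set()):
            raise PermissionError(f"{actor} may not close reports for {report.program}")
        report.state, report.outcome = "closed", outcome
        return self._award(report.reporter, REPUTATION_BY_OUTCOME[outcome])
```

The useful check for a platform like this is the same one the fixed method makes: any state transition that changes a score must first verify that the actor is entitled to make that transition.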

Offering a specific tip for identifying this type of vulnerability is hard. The only recommendation here is to test every feature you find in the application, mapping it manually so that you cover all the possible flaws.

If you want to learn more about this bug, check out https://hackerone.com/reports/106305.