As researchers identify vulnerabilities in applications, they may encounter duplicate findings that can be challenging to evaluate. Bugcrowd's approach to duplicate evaluation considers three key principles: touching the code or making a change, similar issues being distinct; and many instances not necessarily indicating systemic problems. In scenarios where multiple SQLi vulnerabilities are reported across different queries and resources, it is essential to realize that each vulnerability may require a separate fix, even if they appear to be of the same type. Similarly, reflected XSS vulnerabilities with common parameters can be unique findings, but their similarity should not lead to duplication. In cases where CSRF vulnerabilities are identified on multiple pages or endpoints, many instances do not equate to systemic problems, and each finding may require a separate fix. By considering these principles and evaluating context, clients can ensure fair recognition and reward for unique findings while avoiding unnecessary duplication.