Step 1:
Register your account
Step 2:
After I registered, I checked all the functionality of the web app. Upon testing, I found a bug where a user can tamper with the tip system with the help of Burp Suite.
Step 3:
Capture the order request using intercept mode in Burp Suite and change the value.

Changing the tip value from 100 to -100
Step 4:
Intercept the response to the altered request and you will get the flag.


Logic:
Why did this happen? Well, the logic behind this is most likely:
calculated_total = items_total × (1 + tip_percentage ÷ 100), which would get you a free pizza if the tip_percentage is -100%, because the multiplier (1 + tip_percentage ÷ 100) then evaluates to zero, regardless of the items_total value.
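The server-side fix for the formula above, as an added example that is not the application's own code: the unvalidated calculation next to a version that parses and bounds the tip before use. The function names and the 0 to 100 percent limits are assumptions, since the write-up does not show the app's real code or policy.

```python
from decimal import Decimal, InvalidOperation, ROUND_HALF_UP

# Assumed policy bounds; the write-up does not state the application's limits.
MIN_TIP_PCT = Decimal("0")
MAX_TIP_PCT = Decimal("100")
CENT = Decimal("0.01")


class InvalidTip(ValueError):
    """Raised when a client-supplied tip fails server-side validation."""


def total_unvalidated(items_total, tip_percentage):
    # The formula guessed at above: the client's value is trusted as-is.
    total = Decimal(items_total) * (1 + Decimal(tip_percentage) / 100)
    return total.quantize(CENT, rounding=ROUND_HALF_UP)


def parse_tip(raw):
    """Parse and bound a tip percentage taken from the request body."""
    try:
        tip = Decimal(str(raw))
    except InvalidOperation:
        raise InvalidTip(f"tip is not a number: {raw!r}")
    if not tip.is_finite():  # rejects NaN and +/-Infinity
        raise InvalidTip(f"tip is not finite: {raw!r}")
    if not MIN_TIP_PCT <= tip <= MAX_TIP_PCT:
        raise InvalidTip(f"tip outside {MIN_TIP_PCT}-{MAX_TIP_PCT}%: {raw!r}")
    return tip


def total_validated(items_total, raw_tip):
    items = Decimal(items_total)
    total = (items * (1 + parse_tip(raw_tip) / 100)).quantize(
        CENT, rounding=ROUND_HALF_UP)
    # Invariant: a tip can only add to the bill, never reduce it.
    if total < items:
        raise InvalidTip("total is below the item subtotal")
    return total


if __name__ == "__main__":
    # Constructed sample order: one 12.50 item.
    print("unvalidated, tip=-100:", total_unvalidated("12.50", "-100"))
    print("validated,   tip=15:  ", total_validated("12.50", "15"))
    try:
        total_validated("12.50", "-100")
    except InvalidTip as exc:
        print("validated,   tip=-100: rejected:", exc)
```

The subtotal invariant is a second line of defence: it still holds if the tip bounds are later loosened or another price modifier is added to the calculation.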