Null bytes are not permitted in report body, or even in report title. But that can be used in the comment section of
self-closing (for reporter) and
change-status (for team). When a null byte is used as a comment, that report timeline activity disappears!
For example: https://hackerone.com/reports/133317 report was closed using a null byte in comment.
There is no activity log in the report details for the closing, but the report is closed.