Even if it was that simple, this is still a vulnerability that is basically a time bomb. The day that code would have been triggered would have been disastrous.
But this isn’t new, bug bounties tend to have terms as strict as they can to deny you the bounty while they obviously end up fixing issues that don’t qualify for the bounty. All because of reason X or Y that turns out to be a subjective interpretation of a vague enough eligibility requirement.
Even if it was that simple, this is still a vulnerability that is basically a time bomb. The day that code would have been triggered would have been disastrous.
But this isn’t new, bug bounties tend to have terms as strict as they can to deny you the bounty while they obviously end up fixing issues that don’t qualify for the bounty. All because of reason X or Y that turns out to be a subjective interpretation of a vague enough eligibility requirement.