I would position the bounty on a tiered scale based on the size and impact of the bug. If it could be critical, maybe a 50K sat payout, if it is minor maybe a 5K sat payout.

There are a lot of bug-hunting models out there, but from my view, this one is pretty effective.