> you're asking me if I would class this as a 20k USD (plus environmental and societal impact) bug?

Not this bug in particular as a single bug bounty, but as an entire codebase audit that exposed multiple bugs? Sure.