If you had this exploit, how would you have monetized it? Do you know who to talk to? Do you know where to go on the darkweb to find the people who know the people who have the money to actually pay you for this? Do you know how to negotiate with them to actually guarantee payment? Do you know how much an exploit which can only delete content -- not generate false content, or access ACL'd content -- is actually worth?
Long story short, companies offer guaranteed set-size rewards as a counterpoint to the black market's potential highly variant payouts.
Companies like Facebook offer rewards as an incentive to get people to report bugs to them rather than to blog posts. The next highest bidder anywhere in the world for bugs like these is ε.
Long story short, companies offer guaranteed set-size rewards as a counterpoint to the black market's potential highly variant payouts.