It's more like a bug bounty in reverse. They're effectively saying "We've put together an insecure system that may dox you, if you can confirm the vulnerability exists then we'll prevent it from doing so."