While it would be great for him to get paid more than 5k for such high nuisance value bug, it'll be a bit difficult to figure out a metric to fairly put a price on a bug. Bug bounties are based on efforts and not on what you happen to find. Its like a lottery and it seems just about right for companies to keep a standard reward for all bugs. I really like the idea of paying for time spent+bug reward though.