Severity: How severe is the impact of the vulnerability? A higher-severity bug would likely be awarded a higher bounty.
Exploitability: How easy is it to exploit the vulnerability? If it's relatively simple to exploit, the bounty might be higher.
Risk: What kind of data or functionality is at risk due to the vulnerability? Vulnerabilities that expose sensitive information or critical functions tend to receive higher bounties.
Quality of Report: A well-documented report with clear steps to reproduce and detailed impact analysis could be awarded a higher bounty.
Originality: If the vulnerability is unique and hasn't been previously reported, it might lead to a higher bounty.
Policy and Program: Each bug bounty program has its own policies and guidelines for assigning bounties