Just thought I would leave this here so that security researchers know that the bounty isn't only limited to bugs in SMF or the server:
If you can cause serious damage to the forum with any sort of bug, and you responsibly disclose this bug, you will be given a lot of money.
BTW, I've contacted you about payment for the vulnerability I disclosed a few weeks back.