In most bounty threads it is stated that the bounty rules can change at any time.
Thus, it would not be violating any written contract.
Moreover, while in some cases it is a shady KYC scam as you say, it also can happen that they are not allowed to do the payout by their compliance team. This has happened before and is a real possibility.
I agree that the bounty participants shoudn't be the one bearing the cost of that, but it is a reality.
Best case would be that all bounties require KYC. No disappointment possible this way.
Here the main issue, as you highlight it, is the fact they wait for the bounty to be over to disclose the information.
The surely knew about it sooner, but decided to postpone to avoid loosing advertisement.
While I don't like it, it it not enough for me to support any scam accusation against them. Only solid proof of when that information was brought to the BM attention, or the proof that there is no such thing as the audit mentioned would make me flag/tag them.
Ive not flagged them yet but I hope that a participant will bring up a scammer flag for violating a written contract because I cant do that, Im not a participant in their bounty.
You don't need to be the victim of the violation to create the flag.
XXXXX violated a written contract, resulting in damages, in the specific act referenced here. XXXXX did not make the victims of this act roughly whole, AND it is not the case that all of the victims forgave the act. It is not grossly inaccurate to say that the act occurred around date. No previously-created flag covers this same act, unless the flag was created with inaccurate data preventing its acceptance.