Payments from a company are subjective not objective. There is a single purchaser, in this case Slack, and the researcher already said that he wouldn't engage in unethical behaviour to make more money. Just sell the vulnerability to Slack, and be done with it.
Business owners of failing businesses, when they go to sell, many times think, "I've put in a million hours for this, so I need a million dollars." But, that will never happen.
Business owners of failing businesses, when they go to sell, many times think, "I've put in a million hours for this, so I need a million dollars." But, that will never happen.