nottorp 4 hours ago

Is there a description of this project on any other site? They clearly can't post its bot bait on the git repo, and maybe not on the leaderboards site because it's linked from the repo.

But there must be some announcement about the project somewhere? I'd like to get that to pass it around.

toraway 32 minutes ago | parent

The disclosure about being a honeypot is in the CONTRIBUTING.md:

  Warning

  Heads up: This is a research project — bounties listed here are symbolic and part of an academic study on open-source contribution patterns. PRs are reviewed for research purposes only and will not be merged into production. If you're looking for paid bounty work, this is not the right repo.

That makes it slightly surprising that those bots with system prompts to find "high value bug bounty targets" or similar aren't deterred by it when they pull the repo.

I guess it's a sort of task blindness: once they've gone as far as to git clone, they've already switched gears from searching GitHub for qualifying bounties into a find bug -> fix bug -> open slop PR mindset to close the loop and end the turn? By that point, an incidental warning they ingest in passing while looking for the Solana contract vulnerability they already committed to working on in a comment might not even register as relevant to the current task at hand.