Yes, Facebook is ready to pay users. However, you will have to do your best to do so. For 10 years, the company has been paying royalties to those who find bugs in the code of all the sites and applications under its control.
By the way, these amounts are quite decent. The minimum is $500. The rates increased depending on the threats that can cause the error you have found. For example, the Ukrainian programmer Dmitry Lukyanenko received $15,000.
But you have to consider that he is not just lucky. He is a professional bug finder. This profession is called a bug-hunter. Sometimes large companies purposely resort to their help - give them their new products to check.
But finding a bug is not enough. You must also prepare a report on it and have time to submit it to Facebook before someone else does. If a company receives several reports on the same bug, the first one to send the report will get the fee.
At the same time, they pay not only for errors in Facebook's security system, but also in products and services of the whole family: Instagram, Oculus, WhatsApp and others.
A full list of resources can be found in the company's official instructions. Enter into the search engine query: Facebook Bug Bounty Program and follow the first link. You can also find other details about the bug bounty program there.