I think it would be fair to distinguish "reasonable report, but not actually a vulnerability" (where you get the submission fee back) and "slop" (where you don’t).