Bounties exist, but because of the reality of development in the OSS space they're not really something you want to lean on for financial security. Pull requests frequently can take a really long time (months) to be accepted, if they're even accepted at all. The bigger projects are the worst offenders in this in my experience (sadly those are also the most likely projects to have bounties). Very large bounties (for work spanning months) paradoxically become the least attractive because of this, because if your pull request doesn't get accepted in that case you've just thrown months of work into the toilet.