An objective definition of that is impossible if you don't have a formal specification. If you have a formal specification, then that would be the start. If you have that, then the code has to meet that or it's wrong. In addition to the formal specification, you should probably also write out a document of intent which reveals the intentions of the developers on a regular basis, or just add some comments to the code which say "this part of the code intends to do only x and only for y purposes." TheDAO code was very well commented and people still missed the bug, even after it was audited, even after many people looked at it.
If it's a bug, then it's not a hidden feature and the smart contract is not a scam. The developers simply made a mistake. If it's a hidden feature, then maybe it's deliberate and the smart contract is a scam. When written in a Turing-complete imperative language like Solidity, it is very hard to determine exactly what a piece of code is doing. Code becomes like poetry, with a lot of room for obfuscation or mistakes.
How do we determine whether it's a bug, a defect, or a feature? Honestly we can't. We can only look at the behavior of the code as it runs to determine that.