As an exploit developer myself, I welcome all vulnerability reports at our RocketChat and we also do have crowd sourced funds available to reward reporters. With that being said the Zclassic codebase is nearly identical to Zcash so any exploit in our code would likely be reproducible with Zcash.

I'm not saying this is FUD, but I think the likelihood of your statement being true is low.