Only crypto audit will tell if it's a bug or not. Right now there is another way to fix unverifable signatures in Crypto.sign(). We can't use BloodyRookie's fix without a formal proof that this won't break Curve25519 security. Actually, if the fix gets rid of unverifable signatures completely then we shouldn't use it. It's a normal situation that sometimes we have to recompute signatures generated with EC-KCDSA.