Since this bug wasn't exploited by miners at the time, it provides some circumstantial proof that entities who aren't normally in a position of trust are able to wield a position of trust responsibly once a vulnerability places them in that position.
Yes, that's the good with being open-source, but I hope you acknowledge how ridiculous it now sounds to claim that it is completely resistant to Sybil attacks and how absolutely invulnerable the client is. All these assertions were just invalidated with this recent report.
And we frankly don't know if this vulnerability has ever been exploited before. We're just guessing.
I'm happy to pay out a bounty for any serious bugs discovered in the code.
I'd be interested in this. How much are you willing to pay? And define "serious bug".
After this incidents I have to say that I don't trust WabiSabi protocol and their lead architect Yuval, I am sure there are more hidden ''bugs'' in code.
The protocol is pretty decent, if you read the paper. It's theoretically one of the best approaches to implementing coinjoin. It is the
team that puts this theory into practice which cannot be trusted, unfortunately, judging by their behavior, as revealed in the past, and their demonstrated lack of competence.