There's little substance in the code, the verifyRingSignature() method is trivially simple and isn't called anywhere else in that commit. Their proposed function, generateRingSignature(), doesn't exist and thus it's impossible to determine whether they've actually done anything of substance. The whitepaper is purposely vague in many of the important parts, and a review in conjunction with code is impossible, so we have to take it on the face of it...which is that NIZK + ring signatures + security + low space utilisation = impossible right now.