A dice betting web site X by my testing was vulnerable to double spends (under 0.01 BTC)..I am white hat; I returned the funds and notified X of their vulnerability

I wasn't trying to rob anyone, just to test a new service to see if it worked. I did it on the lowest amount (0.001 BTC) so the casino is not  going to be hurt by that loss.

I tried your "web tool" since that's what you call it. It may have done a double spend but i fail to see how i now have 'double" the bitcoins. What I did...

1. Sent 0.001 BTC to duckdice (since it's on your FAQ).
2. It let me bet my 0.001 before confirmation (hopes are high at this point)
3. Bet lost (big surprise...who heard of that casino...might be a scam casino)
4. Sent second transaction back to me; it confirmed in 10 mins

So now I have doubled my money? No, I have the same bitcoins I began with, minus 0.0001 BTC that your "tool" charges, and minus my transaction fee too.

Hardly feel rich now.