wasn't Shen N. the one who broke the SDC crypto thus de-anonymizing its users/tx?
Last I heard SDC was broken crypto.
They fixed that bug (correctness of the fix I'm not vouching for). They did not, as far as I know, fix the process issues that led to it.
Fix or not, didn't the bug allow de-anonymizing of users and tx. So if an attacker knew of this bug before anyone they could in theory have unraveled any privacy features SDC employs for all existing transactions?
You brought up the validity of the "fix" of which I know nothing either. That does pose a problem assuming no credible peer review of the fix was done. If not, there is a good chance it could be a band-aid that was put on to the problem and not a source solution.
When you mention "process issues" are you speaking to the way SDC has developed/tested/deployed its code to the end user?
Here's my comment at the time. In particular the horrifically-irresponsible dismissal of the issue as FUD by the leadership is a particularly bad sign. At least they should know what they don't know, but they don't.
I'm not aware that any meaningful changes have been made, but I don't follow it at all, so I may be unaware.
The question the community should be asking is what changes have been made to the process to address the underlying causes for not only the original bug, but also for: a) it not being found over a year in the wild, and b) the flaw being incorrectly dismissed by the core team once reported.
I would say the underlying causes are:
1. Poor/nonexistent core competency in cryptography and math.
2. No peer review.
3. Leadership failure in not recognizing the need for #1 and #2
Just fixing the bug is treating the symptom, not the cause.
You can click through and read about various other problems with the development and marketing teams and process including repeated plagiarism and repeated false denials of such on that uncensored thread (which needed to be created by a disgusted former community member due to censorship of the original thread)