its not a vulnerability if they're modulating the hardcoded key per CJ round correct? as @npub1vadc...nuu7 suggested on original vulnerability disclosure post Jan 7th? either way, the server CANNOT give clients a unique key for identification.