floppy is a deeply irresponsible, immoral and sad person. this is the final chapter of his already ruined reputation. he’s so deranged that his entire existence revolves around hating cashu. imagine being so obsessed with a protocol that you waste your life attacking the people actually building the infrastructure for bitcoin. two weeks ago, he disclosed a denial-of-service bug, which we immediately patched and even paid him a small bounty for reporting. since then, he’s been cryptically tweeting about it nonstop — and now, just two weeks later, he’s threatening to DoS any mint that hasn’t updated yet. if you support this person in any way — through conference invites, collaborations, or funding — you’re associating yourself with one of the worst individuals in bitcoin. don’t forget: this is someone who was once banned from the bitcoin mailing list for threatening to murder a core dev. people tend to forget what kind of subhuman scum hides among us. maybe one day he’ll actually create something useful. have you ever seen one of his projects in use? where’s all that privacy tech he loves to larp about? exactly. he’d rather sit drunk in his lonely cave, obsessing over cashu. update to nutshell 0.18.0. a patch will follow soon for anyone already affected. ignore. avoid. warn your peers.

floppy is a deeply irresponsible, immoral and sad person. this is the final chapter of his already ruined reputation. he’s so deranged that his entire existence revolves around hating cashu. imagine being so obsessed with a protocol that you waste your life attacking the people actually building the infrastructure for bitcoin. two weeks ago, he disclosed a denial-of-service bug, which we immediately patched and even paid him a small bounty for reporting. since then, he’s been cryptically tweeting about it nonstop — and now, just two weeks later, he’s threatening to DoS any mint that hasn’t updated yet. if you support this person in any way — through conference invites, collaborations, or funding — you’re associating yourself with one of the worst individuals in bitcoin. don’t forget: this is someone who was once banned from the bitcoin mailing list for threatening to murder a core dev. people tend to forget what kind of subhuman scum hides among us. maybe one day he’ll actually create something useful. have you ever seen one of his projects in use? where’s all that privacy tech he loves to larp about? exactly. he’d rather sit drunk in his lonely cave, obsessing over cashu. update to nutshell 0.18.0. a patch will follow soon for anyone already affected. ignore. avoid. warn your peers.

Whirlpool client proves ownership of the registered input by signing always the same message, which is the pool denomination (e.g., "0.025btc"). This means that a coordinator can use the received ownership proofs to attack every other coordinator. To prevent this and also prevent the same signature from being used to prove ownership of a different UTXO with the same scriptPubKey, a simple solution could be to commit to the outpoint, the mix ID, and the coordinator URI in addition to the poolId.