This is very nice work. For those who are interested in academic work about detecting/preventing such attacks, there have been some recent papers that looked at the formal verifying protocol models [1, 2] to (dis)prove the absence of such vulnerabilities.
Yeah, sorry, my wording wasn’t clear. I meant that attacks exist based on not utilising appropriate validation criteria (and, for example, libsodium’s more strict criteria do indeed prevent them).
The issue is that implementations will reject valid signatures.