[astrange]

If it's a library normally you'd share a security patch with important customers privately, if they're otherwise going to lose $300 million. I thought this was the service's own repo though.

[kuschku]

Smart Contracts always have their source openly available on the chain, so it’s not that easy

[astrange]

But that's also the executable form of it - just patch it first, and then people can't hack it when they see fixes land in the +1 release somewhere else.

[jazzyjackson]

I could be wrong but I believe only the compiled machine code is on-chain, you don't have to publish the source

this just happens to be a project that does