[vdalal]

Wow, what a find. And save. Very well deserved reward too.

Wondering (some of it aloud), how long was the vulnerability present in the code? Is it possible to know if someone was actually using this exploit to mint OETH's? How would a disconnect of this sort show up? Regular reconciliation (hourly, daily) or perhaps there are other methods.

[saurik]

It existed since November. It is not only possible but I did such a search (and found one such transaction, from a developer at Etherscan, who had seemingly noticed something awkward but not realized it was broken). Search my post-morten for "etherscan" and it should come up!