I do not believe this issue should have been handled this way. I heard about this vulnerability at InfraCon and from core-team members directly. This was already on their radar and from my understanding and research was already underway so as to not expose it to the public without a solution in place.
These kinds of sensitive issues should be handled in a strategic manner before making them public. While there is a place to have public discussions about issues, it is absolutely in the best interest of the protocol to NOT use public forums to break news about an exploitable vulnerability without an in-place solution that devs have sanctioned as safe.
As a POKT owner, I would much rather have a perceived vulnerability handled in a strategic manner than in a public manner that invites attack. I am perfectly fine with not having a vulnerability public if the core-team is on the case and is researching solutions. As a DAO voter, I would easily vote for a community standard that DAO members should first go to the core-team before going to the public. This is a very dangerous precedent to set.
@addison while I believe your motives were genuine, I would ask that in the future vulnerabilities first be discussed with the core-team. This issue was already being discussed in tactful ways that would protect the ecosystem, and going public on your own, like this, is dangerous.
As a DAO, I feel we should formalize a process where vulnerabilities are first to be discussed with the core-team before posting to public forums and social media.
P.S. I do want to say that, though I disagree with how this validator attack vector was disclosed, I do appreciate the proposal and research itself. I think the quality of the proposal is top notch and your solution is well thought out. Props for the work you did.