There are no third parties which can audit eips. I mean, there's no outside person not already deep into ethereum that can audit an eip based on some general body of knowledge. It's quirks upon quirks
@holiman I first learned about the vulnerability from the Chain Security Medium post and assumed they were the ones who discovered it
@MicahZoltu I think one part of the story might be the not-so-long-yet availability of
Constantinople dev tools. We released the
EthereumJS Constantinople VM 22 Nov 2018, it took Truffle some time to integrate and the first
Constantinople-ready Ganache version came out just 6 days ago. Since ChainSecure uses this first beta to test the vulnerability my assumption is that these releases might have triggered experimentation, will investigate this further.
One outcome of this might be to take dev tool readyness stronger into account when planning a hardfork date, and make release of the 2-3 most used tools (and not just the VM as some base layer) a precondition for some date settlement.