Now the vulnerability is out in the open, could the code please be updated to contain the information here, but in the comments? Gavins commit merely mentions there is a DoS attack without discussing further what it involves, also, the vulnerability of the merkle hash function should ideally be noted inside it.