Great work on exposing the vulnerability. Really naive to use the transaction ID as the random seed. Amazing that their algorithm didn't use block hash, to at least add an element outside of the signer's control.

However, even when including a block hash, witnesses can game the random seed. This is a worry of mine with @steemmonsters pack opening. I think adding a slow key derivation function like PBKDF2 could result the attack vector by making brute force attempts infeasible. I don't think this has been implemented yet. CC @yabapmatt.