RE: Steem Blockchain Patch Issued

in #steem, 6 years ago

I didn't even know about this one. The devs and the witnesses involved acted so fast to implement and run this patch, which is definitely amazing!

What makes me curious is the fact that nobody tried to power down more SP than they had, at least not by now. This is one of the reasons why Steem is still in beta and actually we are the beta testers.

So, somehow, even though he has done a bad thing, I guess that we should congratulate @nijeah or whoever is behind that account for highlighting this vulnerability in the Steem code-base. It is definitely better now than later :D

Powering down more SP than you have was always checked and rejected immediately. In this case the missing check was for "negative power down" (which could also be described as attempting to use the power down command to power up). No one had been creative enough to try that yet!
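
The missing check described in the comment above, as an added example that is not part of the thread and not Steem's code: a toy two-balance account where an upper-bound check alone accepts a negative amount, next to a version that validates the sign first. The `Account` struct, the function names and the balances are all hypothetical, and the balance movement is deliberately simplified.

```cpp
#include <cstdint>
#include <iostream>

// Toy model constructed for illustration; not Steem's data structures.
struct Account {
    int64_t vesting;  // staked balance ("SP")
    int64_t liquid;   // liquid balance
};

// Upper-bound check only: "more than you have" is rejected, but a negative
// amount is always <= vesting, so it passes validation.
bool power_down_upper_bound_only(Account& a, int64_t amount) {
    if (amount > a.vesting) return false;
    a.vesting -= amount;  // subtracting a negative amount increases the stake
    a.liquid  += amount;
    return true;
}

// Hardened: reject negative amounts before comparing against the balance.
bool power_down_checked(Account& a, int64_t amount) {
    if (amount < 0) return false;
    if (amount > a.vesting) return false;
    a.vesting -= amount;
    a.liquid  += amount;
    return true;
}

// Applies one request to a fresh account and returns the resulting stake.
int64_t vesting_after(bool hardened, int64_t start, int64_t amount) {
    Account a{start, 0};
    if (hardened) power_down_checked(a, amount);
    else          power_down_upper_bound_only(a, amount);
    return a.vesting;
}

int main() {
    // Constructed inputs: starting stake of 100, requested amounts below.
    const int64_t amounts[] = {40, 200, -50};
    for (int64_t amt : amounts) {
        std::cout << "amount " << amt
                  << "  upper-bound-only -> " << vesting_after(false, 100, amt)
                  << "  checked -> " << vesting_after(true, 100, amt) << "\n";
    }
    return 0;
}
```
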

Okay, I got it now, pretty intelligent, I must admit! So if I send to somebody -2 Steem, that person is actually sending me 2 Steem :))

That was a tricky one!

Damn... that was possible up until a few days ago?

Guess we have to thank @nijeah for "finding" this bug!!

Noow I get it :)

After giving it a bit of thought, I would guess that @nijeah delegated his/her steem power to another account at the same time they powered down their Steem Power, done from two different browser tabs.

One witness could have processed the Steem Power Delegation, while the next block processed by a different witness handled the Power Down before the previous block was confirmed.