Not unverifiable. As mentioned in my post:
-
Checking the hash of the deployed wasm is possible as described in the upgrade proposal
-
The commit is also tagged as “Proposal-76202 ”
As mentioned in the proposal, the process followed the Security Patch Policy and Procedure that was adopted in proposal 48792 (which also reference forum post 11069) - i.e. this proposal defines the plans / options to handle such critical incident.
Hope that answer your question and concern?