By now you may have noticed that the flat curation curve is officially in effect on LeoFinance. Many users have already reported on their increased earnings as a result of the update.
As we stated in the official announcement about the linear curation curve, this is intended to level the playing field for manual and auto curation. It does not incentivize manual curation higher than auto curation, but rather removes the disincentive to manual curators. Under the old curation system, manual curators actually sacrificed rewards to auto curation bots who voted just a few seconds after a post was published.
The way we see it, you should not be punished for manually curating. If anything, you should be rewarded to a greater degree if you choose to spend your time and stake on curating good content that benefits the platform. Auto curators should not be bad mouthed or removed from the platform. They are simply investors who have bought the token and don't wish to spend all their time manually curating content. That's totally fine. We just don't want those auto curators to take rewards away from manual curators.
From the many posts I've seen so far, our community is extremely excited about this update and many users are actually buying more LEO to stake and curate directly because of it. Due to the increased rewards for manual curators and the flattening rewards of auto curation, it's essentially a win-win situation.
Yes, auto curation may make slightly less than before, but it doesn't make less than anybody else. Directing rewards to the best content/consistent authors is what will make LeoFinance grow and what will make LEO stakeholders happy in the long-run.
It will be fun to see how this all plays out as users realize that manual curation is just as profitable as auto curation and they are able to distribute upvotes as "likes" and "tips" as opposed to "gaming the curation system" by trying to vote before other people. Feel free to make some posts about your new curation endeavors. I'd love to see the feedback from more users
We're reviewing everything that happened leading up to, during and after the WLEO hack. There is a lot of data to parse through and luckily, a lot of amazing people have stepped up to help with the investigation.
In auditing the attack, we've learned a few things about how it happened but there are still many unanswered questions that we're pursuing.
When the attack first occurred the priority was to secure the remaining funds from the Uniswap liquidity pool and then close down the WLEO contract. We successfully did that and managed to save 114 ETH. From there, we cleared out the @wrapped-leo account as a hack on the ETH private key governing WLEO could also mean a hack on the @wrapped-leo private keys. We removed 254,232 LEO from this account and secured it in another Hive address.
Early in the process of investigating the issues, we found that nothing on the Hive side was impacted. Many of you already know this if you're actively catching the updates and chat in our Discord server. The hack only impacted the WLEO contract itself - allowing the hacker to mint an unlimited amount of WLEOs. Thus, this didn't spill over into any of the LEO operations on Hive.
An initial audit of the attack revealed that the WLEO minting transactions (the operations on the ETH blockchain that printed WLEOs) were signed with the actual private key used for the WLEO contract. This narrowed down the possibilities of how WLEO was attacked. After finding that and also having an initial review of the database, we've crossed a few possibilities off the list.
We concluded that the attack is most likely directly on the ETH private keys and not any other potential attack vector. The current status of our investigation into what happened is a deep review of the logs to see if there was an attack on the WLEO oracle server itself in order to extract the ETH private key. Again, some amazing devs from Hive have stepped up to help in the review and analysis of these logs other information we have.
We'll continue to release updates and additional information about what happened as we try to figure out how exactly this attack was performed. I'm documenting the entire audit process and we'll release a full "whitepaper" report at the end which outlines everything we know about what happened, how the events unfolded and explore potential options in the future that could mitigate attacks such as this.
Some users have asked if WLEO will ever live again and the short answer is: yes, but we clearly need to address security concerns thoroughly and explore options such as token time locks and removing the ability to mint tokens altogether. The upcoming audit report will be a deep dive in security on the past version of WLEO and an exploration of future options in creating a highly secure V2 of WLEO for the future.
In terms of distributing the funds that were secured: we also have a lot of data to parse through in terms of LP balances before, during and after the hack. We're working through the data and figuring out who had what and how we can distribute the secured funds back to LPs who were impacted. Thanks for being patient through this process. We'll continue working through the data and will share updates along the way. Our goal is to redistribute these funds in the next 5-7 days as the data is collected, reviewed and verified.
This is truly one of the hardest challenges I've ever faced (personally) and definitely the hardest challenge LeoFinance has faced as a team and community.
I'm extremely grateful for how everyone has reacted to this situation. It's clear that we're all committed to the same mission, the same ideals and the same long-term vision of what LeoFinance is today and what it can and will be tomorrow.
Here at the end of this update, I just want to share some community posts that have lifted my spirits and may also lift yours. You guys are awesome and none of this would be possible without the strong bond that we all share over this community and project:
I can't even list them all here. Just happy to see so much support and optimism about LeoFinance's future. This is truly a bump in the road in a longer journey. It's a massive blow and it exposed a major vulnerability in our project, but it's also a definitive moment for LeoFinance to step up, fix what was broken and evolve as a project. This is a defining moment for us to build better systems with more rigorous testing, implementation and feedback loops.
Many of you already know that LeoFinance V2 Phase 1 was set to release on Monday of this week. Many of the features in this update were centered around WLEO - allowing our users to wrap, unwrap, claim rewards as WLEO, etc. - however, not all of the updates were around WLEO.
A vast majority of this update is aimed at an improved onboarding experience and the release of LeoInfra V1 - which allows users to sign up to LeoFinance and Hive using the MetaMask extension. We've had to rework this update and move the WLEO features into a separate branch of the project.
In the future, WLEO V2 will be released (again, after significant research, testing and feedback) and at that time, we'll re-release those WLEO features back onto leofinance.io.
This update will be released this week to the production UI. The release features a major change to the onboarding process for new users along with a number of changes to the backend and the wallet UI.
Both Hive users and Ethereum users will be able to connect to LeoInfra and access features beyond the normal Hive functions, which includes the ability to claim LEO rewards as ETH to your connected ETH wallet (this is one of the major reworks as the feature originally allowed users to claim LEO rewards as WLEO).
The general roadmap for the next few weeks is to release the major UI update (in the next 2 days), create onboarding initiatives to bring in new users to LeoFinance from Ethereum and also begin work right away on LeoFinance V2 Phase 2 (which will bring a whole new set of core features mentioned in prior posts).
As we've mentioned several times (and the community mentioned in many of their awesome posts), WLEO is just 1 aspect of LeoFinance. This hack is a definitive setback, but our other projects (like the LeoFinance.io UI) don't have to suffer much because of it. We can continue our normal schedule of updates to those projects as we also spend a significant amount of time and resources investigating the WLEO hack thoroughly.
Meanwhile, our main priority right now is to continue our data mine of the LP information to redistribute funds to those who were impacted by the WLEO hack. We're also continuing our investigation into the WLEO issue and will release updates like this post in the interim as we compile a full audit of what happened and release a whitepaper describing the findings as well as future plans to relaunch WLEO with vastly improved security and redundancies.
LeoFinance is a blockchain-based social media community for Crypto & Finance content creators. Our tokenized blogging platform (https://leofinance.io) allows users and creators to engage and share content on the blockchain while earning LEO token rewards.
|Track Hive Data||New Interface!||About Us|
|Hivestats||LeoFinance Beta||Learn More|
|Trade Hive Tokens||Hive Witness|
Posted Using LeoFinance Beta