By now you may have noticed that the flat curation curve is officially in effect on LeoFinance. Many users have already reported on their increased earnings as a result of the update.
As we stated in the official announcement about the linear curation curve, this is intended to level the playing field for manual and auto curation. It does not incentivize manual curation higher than auto curation, but rather removes the disincentive to manual curators. Under the old curation system, manual curators actually sacrificed rewards to auto curation bots who voted just a few seconds after a post was published.
The way we see it, you should not be punished for manually curating. If anything, you should be rewarded to a greater degree if you choose to spend your time and stake on curating good content that benefits the platform. Auto curators should not be bad mouthed or removed from the platform. They are simply investors who have bought the token and don't wish to spend all their time manually curating content. That's totally fine. We just don't want those auto curators to take rewards away from manual curators.
From the many posts I've seen so far, our community is extremely excited about this update and many users are actually buying more LEO to stake and curate directly because of it. Due to the increased rewards for manual curators and the flattening rewards of auto curation, it's essentially a win-win situation.
Yes, auto curation may make slightly less than before, but it doesn't make less than anybody else. Directing rewards to the best content/consistent authors is what will make LeoFinance grow and what will make LEO stakeholders happy in the long-run.
It will be fun to see how this all plays out as users realize that manual curation is just as profitable as auto curation and they are able to distribute upvotes as "likes" and "tips" as opposed to "gaming the curation system" by trying to vote before other people. Feel free to make some posts about your new curation endeavors. I'd love to see the feedback from more users
WLEO Updates
We're reviewing everything that happened leading up to, during and after the WLEO hack. There is a lot of data to parse through and luckily, a lot of amazing people have stepped up to help with the investigation.
In auditing the attack, we've learned a few things about how it happened but there are still many unanswered questions that we're pursuing.
When the attack first occurred the priority was to secure the remaining funds from the Uniswap liquidity pool and then close down the WLEO contract. We successfully did that and managed to save 114 ETH. From there, we cleared out the @wrapped-leo account as a hack on the ETH private key governing WLEO could also mean a hack on the @wrapped-leo private keys. We removed 254,232 LEO from this account and secured it in another Hive address.
Early in the process of investigating the issues, we found that nothing on the Hive side was impacted. Many of you already know this if you're actively catching the updates and chat in our Discord server. The hack only impacted the WLEO contract itself - allowing the hacker to mint an unlimited amount of WLEOs. Thus, this didn't spill over into any of the LEO operations on Hive.
An initial audit of the attack revealed that the WLEO minting transactions (the operations on the ETH blockchain that printed WLEOs) were signed with the actual private key used for the WLEO contract. This narrowed down the possibilities of how WLEO was attacked. After finding that and also having an initial review of the database, we've crossed a few possibilities off the list.
We concluded that the attack is most likely directly on the ETH private keys and not any other potential attack vector. The current status of our investigation into what happened is a deep review of the logs to see if there was an attack on the WLEO oracle server itself in order to extract the ETH private key. Again, some amazing devs from Hive have stepped up to help in the review and analysis of these logs other information we have.
We'll continue to release updates and additional information about what happened as we try to figure out how exactly this attack was performed. I'm documenting the entire audit process and we'll release a full "whitepaper" report at the end which outlines everything we know about what happened, how the events unfolded and explore potential options in the future that could mitigate attacks such as this.
Some users have asked if WLEO will ever live again and the short answer is: yes, but we clearly need to address security concerns thoroughly and explore options such as token time locks and removing the ability to mint tokens altogether. The upcoming audit report will be a deep dive in security on the past version of WLEO and an exploration of future options in creating a highly secure V2 of WLEO for the future.
In terms of distributing the funds that were secured: we also have a lot of data to parse through in terms of LP balances before, during and after the hack. We're working through the data and figuring out who had what and how we can distribute the secured funds back to LPs who were impacted. Thanks for being patient through this process. We'll continue working through the data and will share updates along the way. Our goal is to redistribute these funds in the next 5-7 days as the data is collected, reviewed and verified.
🦁 Community 🧡
This is truly one of the hardest challenges I've ever faced (personally) and definitely the hardest challenge LeoFinance has faced as a team and community.
I'm extremely grateful for how everyone has reacted to this situation. It's clear that we're all committed to the same mission, the same ideals and the same long-term vision of what LeoFinance is today and what it can and will be tomorrow.
Here at the end of this update, I just want to share some community posts that have lifted my spirits and may also lift yours. You guys are awesome and none of this would be possible without the strong bond that we all share over this community and project:
- https://leofinance.io/hive-167922/@themightyvolcano/i-stand-with-leo-finance
- https://leofinance.io/hive-167922/@rollandthomas/wleo-s-hack-attack-nothing-but-a-corrective-move-on-a-price-chart
- https://leofinance.io/hive-167922/@rezoanulvibes/wmmswepy
- https://leofinance.io/hive-167922/@empoderat/leo-hack-so-leo-at-the-end-finally-didn-t-paid-my-october-s-rent
- https://leofinance.io/hive-167922/@uyobong.venture/not-time-to-relent
- https://leofinance.io/leofinance/@cageon360/the-wleo-hack-is-not-the-end-of-the-project
- https://leofinance.io/hive-167922/@trumpman/i-won-t-be-selling-my-leo-anytime-soon
- https://leofinance.io/hive-167922/@gniksivart/wleo-was-hacked-my-thoughts-and-opinions
- https://leofinance.io/hive-167922/@sgt-dan/i-stand-with-leofinance
- https://leofinance.io/hive-181335/@taskmaster4450/mmqzpjeu
- https://leofinance.io/hive-167922/@xabi/building-up-leo-power-in-response-to-linear-curation-curve
- https://leofinance.io/hive-167922/@whatageek/wleo-got-hacked-leo-funds-and-leo-site-are-safe-and-i-m-not-going-anywhere
- https://leofinance.io/hive-167922/@cadawg/wleo-and-the-future-the-holy-trinity
- https://leofinance.io/hive-167922/@revisesociology/i-just-powered-up-the-leo-i-have-left
- https://leofinance.io/hive-167922/@therealwolf/to-the-leo-community-hodlers-and-team
- https://leofinance.io/hive-167922/@scaredycatguide/the-leo-project-remains-strong-and-the-cat-is-confident-after-the-latest-roundtable
- https://leofinance.io/hive-167922/@jrcornel/leofinance-sees-new-all-time-high-in-ad-revenue
I can't even list them all here. Just happy to see so much support and optimism about LeoFinance's future. This is truly a bump in the road in a longer journey. It's a massive blow and it exposed a major vulnerability in our project, but it's also a definitive moment for LeoFinance to step up, fix what was broken and evolve as a project. This is a defining moment for us to build better systems with more rigorous testing, implementation and feedback loops.
LeoFinance V2 Phase 1 Update
Many of you already know that LeoFinance V2 Phase 1 was set to release on Monday of this week. Many of the features in this update were centered around WLEO - allowing our users to wrap, unwrap, claim rewards as WLEO, etc. - however, not all of the updates were around WLEO.
A vast majority of this update is aimed at an improved onboarding experience and the release of LeoInfra V1 - which allows users to sign up to LeoFinance and Hive using the MetaMask extension. We've had to rework this update and move the WLEO features into a separate branch of the project.
In the future, WLEO V2 will be released (again, after significant research, testing and feedback) and at that time, we'll re-release those WLEO features back onto leofinance.io.
This update will be released this week to the production UI. The release features a major change to the onboarding process for new users along with a number of changes to the backend and the wallet UI.
Both Hive users and Ethereum users will be able to connect to LeoInfra and access features beyond the normal Hive functions, which includes the ability to claim LEO rewards as ETH to your connected ETH wallet (this is one of the major reworks as the feature originally allowed users to claim LEO rewards as WLEO).
The Next Few Weeks
The general roadmap for the next few weeks is to release the major UI update (in the next 2 days), create onboarding initiatives to bring in new users to LeoFinance from Ethereum and also begin work right away on LeoFinance V2 Phase 2 (which will bring a whole new set of core features mentioned in prior posts).
As we've mentioned several times (and the community mentioned in many of their awesome posts), WLEO is just 1 aspect of LeoFinance. This hack is a definitive setback, but our other projects (like the LeoFinance.io UI) don't have to suffer much because of it. We can continue our normal schedule of updates to those projects as we also spend a significant amount of time and resources investigating the WLEO hack thoroughly.
Meanwhile, our main priority right now is to continue our data mine of the LP information to redistribute funds to those who were impacted by the WLEO hack. We're also continuing our investigation into the WLEO issue and will release updates like this post in the interim as we compile a full audit of what happened and release a whitepaper describing the findings as well as future plans to relaunch WLEO with vastly improved security and redundancies.
If you have any questions, please leave a comment below or jump into our Discord or Telegram.
LeoFinance is a blockchain-based social media community for Crypto & Finance content creators. Our tokenized blogging platform (https://leofinance.io) allows users and creators to engage and share content on the blockchain while earning LEO token rewards.
Track Hive Data | New Interface! | About Us |
---|---|---|
Hivestats | LeoFinance Beta | Learn More |
Trade Hive Tokens | Hive Witness | |
---|---|---|
LeoDex | @financeleo | Vote |
Posted Using LeoFinance Beta
This entire post speaks volumes to the professionalism of the LeoFinance team. You get the respect you ask for and team Leo definitely deserves it. 👍
Posted Using LeoFinance Beta
I'm been waiting for this to officially happen now can can get stable curation reward whippy
A complete report and with solid points on what is to come in order to ensure fairness in terms of reality for all those involved into the Liquidity Pool. In the same time a sneak to future features which we will expect and are thrilling to see them in work. Great job guys, a true team alongside a supporting community!
Posted Using LeoFinance Beta
Great to have it in full effect, I can of course manually curate without having to worry of losing rewards from curation. Definitely this changes the scope of curating on Leo and hopefully some huge stakers i.e whales will take advantage of this curve. Great one Khal I'll be watching how it works for a week
Posted Using LeoFinance
As a content creator, one of the challenges faced is attracting curators. Curator's have a way of motivating and encouraging us to create quality contents. I'm just glad that every curator will now have his full rewards and no one being robbed of rewards due to the "time-of-upvoting" factor.
Also, the hack was bad and I feel for all those that were being affected. And I'm sure the ever-relentless team will tighten up the security of users' funds. Better days are ahead of leo!
Posted Using LeoFinance Beta
Kudos for carrying on with the curation changes on time even with the hack!
Great news.
I'm sure I speak for the majority when I say there's no rush on the compensation programme, we're just grateful to get anything back!
In the meantime I'll just carry on as usual, buying more LEO on the way!
Posted Using LeoFinance Beta
Only manual curation👍
Posted Using LeoFinance Beta
Thanks for the update Khal!
Looking forward to see LeoInfra potential!
Posted Using LeoFinance Beta
Nice to see and read that the hack has not stopped Leo from moving forward on updates to your systems.
Fantastic news we need that all the upvotes do in manual form, that people enjoy the lecture and invited by post that like to them without the time, by the way you should expand the reward time from 7 to 10 days evaluate it.
We look forward to solving the problem!
Congratulations @leofinance! You have completed the following achievement on the Hive blockchain and have been rewarded with new badge(s) :
You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOP
BOI is now off to become a big Lion!
Posted Using LeoFinance Beta
an aditional comment, why you do not uses etherem clasic for make your contract, there is the same Ethereum but with value and cost of gas more more short and cheap than the normal Ethereum, i guess that the people are in Ethereum but if you think, if people like me could not enter to this great proyect for the cost of Ether, but the ETC is more simple, consider this as a option.
Thanks for read and sorry my english mistake, you really make a great job.
if you need an auditor for an opinión or análisis here i am.
Posted Using LeoFinance Beta
All well done.
As some may have noticed, I love doing it MANUALY 😉
Posted Using LeoFinance Beta
Good point, would be nice to have this change also in Hive.
Posted Using LeoFinance Beta
I'm glad you're feeling the support of the community, because it's definitely all behind you.
Looking forward to the report and what we can learn from this. Eventually, we're going to look back at this as a bump in the road that we had to have.
Very nice update @leofinance. These consistent and timely updates were a key draw to me in originally choosing to increase my stake in the LeoFinance community. I am particularly pleased to see the change to flat curation, although I know there are those who would say that also has its downsides ... Overall, a positive step!
Suffering significant loss in this LP hack, I will be patiently waiting for the referenced whitepaper explanation for what is uncovered. Frankly, this statement is mystifying to me, but I assume the whitepaper will spell out clearly how this was possible, given I thought I had seen references in Discord to these keys being on a Ledger ...
P.S. LeoFinance.io "Reply" button was not functioning ...
Things are actually gonna get better. The better and stronger @LeoFinance is coming out of this.
Posted Using LeoFinance Beta
great determination from your side; thanks for the update!
great job!
Great to hear about this update as this will surely encourage manual curation more often now
Posted Using LeoFinance Beta
Flat curation is how it should always have been. Well done!
Great update. Thanks!
Posted Using LeoFinance Beta
Great work, LEO team!
Posted Using LeoFinance Beta
Oh boy! I guess I have a question. A weird one!! :D
Haha, I dunno, but after all these 'interesting' hacking events. I can't help that some funny and wild thoughts comes and penetrate deeply inside my convoluted brain.
So, here I go to throw a daring question in the air to see who catch it. };)
Couldn't I or anyone else for that matter, just create a (broken on purpose) Uniswap Wxxx smart contract on the ETH blockchain with whatever token I have invented. Then fund and fill the Uniswap liquidity pool with as many of my own Wxxx shitcoins over there. And regardless of whether new investors contributed to expanding the Uniswap liquidity pool of my own xxx token, since I am actually in possession and obviously I know the private key used for the Wxxx contract and also the private keys of my @wrapped-xxx account?
Couldn't it be I, me and myself the one who could easily try to mint & print an unlimited amount of Wxxxs signing these with the actual private key I used for the Wxxx contract looking to obtain some economic or financial benefit from the whole experience as quick as possible?
If this is possible, then it seems to me that the flaw somewhat would have to be found in the Uniswap platform or on the ETH blockchain itself.
Oh yeah, excuse me if I'm just lucubrating and musing pure nonsense here. I really don't understand much about these matters. But if someone finds out that any of this is viable. You better never forget that I was the one who launched the wild idea and I would be interested in partnering with you on the launch of your brandnew wrapped shitcoin on time. So don't forget to let me know in time.
Because otherwise you won't live long to tell about it. };)
Cheers!!
LEO team, always working to bring more and more improvements.
Well done, folks!
It's a nice feeling to upvote this post late without having any disadvantages by doing so!
Now finally one can seek and read posts without any time pressure (and without that demotivating feeling that 'curators' who even didn't read the posts get the biggest part of the curation cake).
Well done! I really wished that soon also the HIVE curation curve would be changed!
Posted Using LeoFinance Beta