Road Map Maintenance & Email Spoofing & Seagrass Announcement & Gifts for Voters.
Road Map Maintenance 👷
Hello Scallopers, after some internal team meetings, we decided to adjust our Road Map and will release a new version of it. The reasons for the adjustment are:
- We are continuing to deepen the plan of how all Scallop tokens (SCA & Scallop Decorations & NFTs Decorations) interact with our token model, maybe include buyback, burning, staking and the supply amount cycle.
- The content of on-chain program involving the token model will be more complicated.
- The cycle of internal testing and security testing of on-chain programs has been extended.
- For our current Scallop Tank, although we already can see Scallop Decorations in it but we want them to be more animated so we are having some optimization with it.
- We did overestimate our speed in some parts.
At the same time, we also do the team self-review, and catch an engineer called Nathan for Scallop after Bacis join us, the new blood joining will speed up the pace of our project too.
We believe that these process and adjustments will make everything about Scallop more valuable in the future, and our target of Q4 2021 currently will only be one, which is to launch Scallop on Solana dev-net, after it we will have a Road Map V2.
Email Spoofing 🕵
The story is about a security researcher sent us an email about there is an email spoofing vulnerability on Scallop.io, Scallop team immediately analyzed the vulnerability and the vulnerability is CVE-2019–1955, it’s an existing vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated remote attacker to bypass configured user filters on the device, the mail-app will notice the user about this mail is suspicious, and the mail’s avatar will also be a red alert mark to notice the user.
The reason for why user can receive this mail is we chose “~all” not “-all” to be the end of the SPF record, the difference between them is:
- When an SPF record includes ~all (softfail qualifier), receiving servers typically accept messages from senders that aren’t in your SPF record, but mark them as suspicious.
- When an SPF record includes -all (fail qualifier), receiving servers may reject messages from senders that aren’t in your SPF record. If your SPF record isn’t set up correctly, the fail qualifier might cause more messages from your domain to be sent to spam.
Scallop team chose to use “~all” is because almost all of the email app will detect the spoofing email from some existing vulnerabilities (ex: CVE-2019–1955) and notice the user about “this is suspicious!”, and also if we use “-all”, the emails sent by real Scallop team will have a higher chance to be in the spam box.
But we also think that we should let the security level of everything about Scallop be higher too, so we changed the SPF record setting to “-all” and decided to give a Scallop Fossil Decorations to the security researcher for the reward of the report, and Scallop team will also design a Scallop Bug Bounty in the future.
Seagrass Announcement 🌱
We minted 100 Scallop Seagrass Decorations 🌱 for some occasional giveaway events, and changed the max supply from “Unlimited” to “10000 (Tentative)”, by the way the current supply of Seagrass is 538.
We will create a Serum market for Seagrass in the future because we think we will need it and now it’s not a good time.
Click to know What are Scallop Decorations?
Gifts for Voters 🎁
This event has been cancelled and upgraded. For the latest information, please check:https://scallopio.medium.com/scallop-news-episode-001-2dae1e41f67b
The address which voted ≥ 2 USDC in accumulation for Scallop at Solana Ignition Hackathon Asia Division, will get a Scallop Seagrass Decorations 🌱 and the top high 20 vote value address will get a secret prize. After the voting event is ended, they will get the gifts in several days.
The address which voted ≥ 1 USDC in accumulation for Scallop at at Solana Ignition Hackathon Asia Division, will share out 100000 SCA evenly after SCA launched, the address which had Scallop Fossil Decorations 🗿 can get a double amount compare with the address which didn’t.
For example, if the amount of voters address is 487 and the voter address with fossil is 350, voters will get: 119.5 SCA and voters with fossil will get 239 SCA.
Also means if you voted 5 USDC or 10 USDC for Scallop with two address, and both of them didn’t have a Fossil, they will get the same amount of reward SCA.
We will take the reward SCA from the “Ecosystem / Community” part of SCA Token Model (Click to check it). You can treat it as a kind of retrospective airdrop because this part will be sent after SCA Token Launched, so voters need to wait for it for a while.
And there is no form need to be filled by voters, we will check Solana explorer and do the blockchain scraping, you can also check the voting transaction for Scallop here : https://explorer.solana.com/address/3rXHdF7CfwG6K2VVFpvBRwdbRwyR5Zn7kQhLgxn4mjk7
The voting event will end at 2021/10/31 20:00 (UTC+8)⏳.
How to vote for Scallop at Solana Ignition Hackathon Asia and more details of it🔥:
https://scallopio.medium.com/how-to-vote-for-scallop-at-solana-ignition-hackathon-asia-214bdf1871c8
Join Scallop community now 🎎 ⬇:
Twitter: https://twitter.com/Scallop_io
Telegram: https://t.me/Scallop_io
Discord: https://discord.gg/F7umecFArJ
Instagram: https://www.instagram.com/Scallop.io
Facebook: https://www.facebook.com/Scallop.io
