November 16th: Mini-update

stonehedge said:

Mini Update 16th November 2018 @channel

Vulnerability Identified and Mitigated.

Thanks to a diligent member of the community, a small but potentially problematic issue with the status of a spork was identified and fixed.

The vulnerability potentially would have allowed somebody to compile a custom version of the Helium wallet and steal node and PoS rewards. To our knowledge, the exploit was not used. No action by the community is required as the fix was issued using the spork system.

Enterprise Update

This week, I have started work on writing a requirements document to help inform our next design and development decisions. As part of the process of writing this document, I am talking to our potential future enterprise partners to get a better understanding of how they want to use Helium in the future. The approach of using real world use cases to dictate design can produce better quality solutions than defining a process and asking partners to fit around that proccess.

A draft of the requirements document will be completed next week and distributed amongst the team for internal review before being made available to the community for comment.

Development Update

@Moonshot has begun an effort to make the governance system easier to use for users of the Helium wallet. The plan is to include a GUI for viewing and voting on proposals.

teela said:

To add to the above: an anonymous community member approached me with the above last Monday and the issue was subsequently fixed. The community member did the right thing here. They could have kept the exploit for themselves for potential gain but instead they decided to alert us so the hole could be plugged before any harm was done. Because of that and the potential mess that was averted due to the actions of said community member we called together the Treasury on Monday morning and decided to pay out a 2000 HLM bug bounty. This is the tx that left the treasury