Retroactive Funding, March 2023

Nominations are closed. Voting is live until 15Mar.

Vote here:
https://snapshot.org/#/unlock-protocol.eth/proposal/0x8c6943fe65485c73a97fb5ec1f0d4e37799d04a0efafb1928eddab993073ae82


It is time to reward members of the Unlock community who you think created the most value in the last month for the protocol and its community!

You have until March 8th to submit yourself or anyone’s address. After that, all token holders will have 7 days to vote (using Snapshot’s gas-less voting) on these addresses. When you submit someone, please include their Discord handle.

Anyone who receives more than 1% of the quadratic votes will be receiving their share of the 100 UDT allocated.

Please share their Discord handle and addresses and why you think they deserve to be retro-actively funded for their involvement during the month. Examples and pointers to participation are encouraged in the “why.” Examples and pointers help others in the community understand the context for the nomination.

We also have the The Locksmith Leaderboard for February:

The Locksmith Leaderboard highlights active members of the Unlock Protocol community. Through participating via design, development, helping others in the community, sharing the Unlock Protocol story, and many other ways, Locksmiths are the core of Unlock Protocol and help propel the project forward.

The most visible places where Locksmiths engage with the project and each other are on Github (adding issues, submitting pull requests, creating projects that integrate Unlock), on Twitter (sharing and mentioning Unlock Protocol in their social media activities), and in the project Discord (responding to and answering question threads). The Leaderboard also attempts to capture longevity of participation in the community, as well as consistency of participation over time.

You can read more on The Locksmith Leaderboard page on Notion.
https://unlockprotocol.notion.site/Locksmith-Leaderboard-c620b5b00e2d404d9f1a20f2e11130d8

We hope the Locksmith Leaderboard can give you some visibility into the breadth and depth of individuals who are active in the Unlock Protocol community and provide some context as you are making your nominations for retroactive funding. Like everything, the Leaderboard and the retroactive funding process will evolve over time.

Looking forward to seeing your nominations!

1 Like

Hi everyone, I would like to nominate myself this month. The reasons are the next ones:

  • This month I have been testing the entire product and proposed some visual improvements.
  • I have reported a security vulnerability found in the forum platform.

My wallet is: 0x8631961594077e0eD6C998999718723DBA8D272d

Thanks.

3 Likes

I would like to nominate Heather (Country_GirlNFT / CoinQueens) for retroactive funding for February. During the month of February, Heather’s CoinQueens project implemented Unlock in the following ways

Delivered a one hour video overview of Unlock to the CoinQueens community

Airdropped Unlock-powered Proof of Attendance tokens using Unlock’s new airdrop-to-email feature to members of the CoinQueens community
https://twitter.com/web3heather/status/1626048843081981953

Set up the CoinQueens Hive monthly memberships using Unlock during February 2023
https://opensea.io/collection/coinqueens-the-hive-monthly

Convened The Hive with Geneva, a web3 community platform
https://coinqueens.io/

Heather is walking the talk and using web3 tools to help bring education and amplification to women in the web3 space.

discord: Country_GirlNFT#1983
address: 0x40934d00da8a38ffc2ec0391faaab494c43041c5

3 Likes

Aside from now being No1 top community contributor on the monthly chart for 5months consecutively, here are some other things I contributed to the community in February 2023:

Been very active with Unlock protocol Wordpress community, I observed that the current Unlock Wordpress plugin is due for an update with a lot of features requested by the community and some posted as issues on the unlock wp plugin repo here https://github.com/unlock-protocol/unlock-wordpress-plugin/issues has been unfixed for several months now. So, decided to start working on the plugin.

First:, I created a thread in the Unlock official discord Wordpress channel for the Unlock community to post features they want to see added to the Unlock Wp Plugin here https://discord.com/channels/462280183425138719/1075060963906175028

Second: I worked with Julien to have the Unlock wp plugin repo overhauled and introduce using localwp for contributing developers to the plugin which now makes it easier for devs to contribute.

Third: I detected security flaws in the Unlock wp plugin and reported to Julien which he said is now fixed. You can see a short video I did to show the vulnerability which helps know where to patch:
https://github.com/unlock-protocol/unlock-wordpress-plugin/issues/63

Fourth: I keep pushing Unlock on my social media (Twitter) by consistently interacting with the official Unlock handle, with retweets, mentions and comments on almost every tweet from it.

Discord: Foskaay#1594

Wallet: 0x7B6DDE23a733D7a2BBb36258C03BEf796276eBa9

Thank You!

2 Likes

Hi Foskaay,

I have reviewed what you mention is a vulnerability in the wordpress plugin and it is incorrect.

In the video you show the error in the PHP function of the unlock-protocol.php file that I understand is what Julien has fixed in the github issue.

Then you show how you navigate through the wordpress wp-content directory showing the folders and files. This is not a vulnerability in the plugin but in how the PHP is configured on the server where you have been testing.

To solve it, you can do it by applying the following configuration in your apache or ngix config file:

Options-Indexes

Or creating a .htaccess file in the root where the test website with the plugin is hosted.

I really appreciate your input but I think it was important to clarify those points.

Bests.

@rwalls As a developer, I don’t expect you to try to Waterdown my effort in pointing that out and having it fixed as a security vulnerability.

First, vulnerability is classified into different stages like how severe it is. It might not be considered a severe level vulnerability but that does not make it not to be.

Second, who is Unlock plugin’s main target audience? Is it just developers like you and I or majority are non-developers (creators). Since it is used more by creators than even developers, how many creators understand to even check their hosting file access permission you mentioned above, talk of now following your instruction to add the code configuration? Not many, that’s if any of the creators at all.

When they activate Unlock plugin, they trust the developers behind it has done everything possible to keep their website secure and not have any loophole that attacker then use to gain access.

There are other plugins on the same hosting, I showed in the video, did you observe that they have secured their plugin and couldn’t browse their plugin folder? I did not have to set up anything because they have ensured basic security vulnerability like that has been taken care of by the plugin developer not hoping the user will always have file permissions that will cover the loophole.

In summary, it is technically a vulnerability as it not good and could be entry point for users website to be exploited since not all the plugin users are developers.

So, please, as much as I appreciate you checking it out. this type of water down approach will make me and others to see other flaws in future and ignore it to the detriment of the protocol.

Regards!

I think you should read my answer again and try to understand what I have put and what is the origin of the problem.

Thanks again for your contribution.

Bests!

@rwalls I read your message and replied accordingly. It’s just good I set the record straight that what I reported was actually a security vulnerability.

The classification based on Unlock may now be that it is not severe but to say you are making it clear that it is not a security vulnerability is why I also had to clarify things, especially for Unlock community members reading our conversation that are creators and not developers and would just take your word to mean I raised a false flag which was not so.

Regards!

I would like to nominate myself for actively promoting Unlock Protocol in my community and social media.
Address:
0x224de3b8D173956f702B72b8de6dc070C3EFD603

1 Like