offpolicy

Beau, I respect the uncompromising focus on user safety; if users took that upon themselves we wouldn’t need this conversation, so you are being the change we need to see in the space and that should only be applauded. But I’m having trouble with your logic here: If we were to tell people, “go use the protocol to get a future airdrop”, that would be fair game right? Been a standard part of the protocol growth playbook since the days of Yearn. However, using the protocol usually requires one to connect a wallet, approve some tokens, and then actually submit on-chain transactions. I don’t think one would argue that asking people to use their protocol would equate to leading them into the arms of scammers; the great thing is, we’re asking them do even less. No on-chain transactions, no token approvals, just connect a wallet, sign and qualify! Pretty cool. And we both know that wallet popups 𝘴𝘩𝘰𝘸 𝘺𝘰𝘶 𝘦𝘹𝘢𝘤𝘵𝘭𝘺 𝘸𝘩𝘢𝘵 𝘺𝘰𝘶 𝘢𝘳𝘦 𝘴𝘪𝘨𝘯𝘪𝘯𝘨. Let’s disabuse ourselves of the notion that signing anything could lead to losing your funds, because it discourages people from using their own eyes and thinking critically at the actual moment of time of signing. If it doesn’t look like structured data - and 𝘪𝘯 𝘰𝘶𝘳 𝘤𝘢𝘴𝘦, 𝘪𝘵 𝘤𝘭𝘦𝘢𝘳𝘭𝘺 𝘥𝘰𝘦𝘴 𝘯𝘰𝘵, 𝘪𝘵’𝘴 𝘫𝘶𝘴𝘵 𝘢𝘯 𝘢𝘥𝘥𝘳𝘦𝘴𝘴 - it’s overwhelminglly likely to be safe. Safer than encouraging people to make token approvals and farm the protocol, which describes dozens of “pre-airdrop” campaigns open at this very moment. Now one could say, well that’s fair, but phishing sites could swap our harmless payloads with harmful ones, and the added time pressure might increase susceptibility for those who leap before they look. On your feedback, we’ve addressed that; now there’s a raffle, with pre-announced winners, and a pre-announced claim window. Boom, check on this day if you won, and if you did, just set a reminder on your phone. You've got time now. And again, in many of these other campaigns, time pressure 𝘳𝘦𝘮𝘢𝘪𝘯𝘴 an issue; how many times have you heard protocols use messaging like, “we’re raising the caps, get in before they’re full!”. In conclusion, I posit to you that given our setup already, which involves low-touch qualification requirements and reduced time pressure - again, thanks to your feedback! - we’re 𝘴𝘢𝘧𝘦𝘳 than the large majority of airdrop campaigns that have run in history and are currently running. We think our setup is fair and balanced, we’re proud of it, and we’re excited to continue being leaders in security in the space; as we’ve been over the past 2 years, with over six audits from best-in-class firms (all available on Github and in our docs), multiple completed crowd audit contests, and an open bug bounty program which has paid out over $50,000 to whitehats since our initial protocol launch, all without losing user funds. I respect what you’re doing but given the points explained above your position is reaching the point of disingenuity. We’re on the same team; let’s work together constructively to empower people to 𝘤𝘰𝘯𝘥𝘶𝘤𝘵 𝘳𝘦𝘢𝘭 𝘳𝘪𝘴𝘬 𝘢𝘯𝘢𝘭𝘺𝘴𝘪𝘴, explore the wild and wonderful space of on-chain NFT finance, and protect themselves all at the same time. Cheers fren 🤝

That would mean there would need to be 4000 unique "bot" wallets all holding eligible NFTs. Given that organic distribution was one of the main criteria for qualifying communities I don't think that's the case We do encourage every eligible holder to be ready to act fast, and automate contract interaction (i.e. "bot" it) if it's within their skill set. Can help avoid UI-based phishing attacks this way as well