← BACK
MARCH 15
SECURITY
- Added security headers to all HTTP responses (CSP, X-Frame-Options, HSTS, XSS Protection)
- Input sanitization on all user-facing endpoints (strips HTML, script injection, event handlers)
- Rate limiting on register (3/min), login (10/min), quest claims (5/min), respawn, sell, and all socket events
- Prototype pollution protection on JSON.parse
- Path traversal protection for file operations
- Socket input validation with type checking and value clamping
- Banned user system with hot-reload (banned_users.json)
- 17 XSS/audit test accounts banned and filtered from all leaderboards
- All leaderboard names sanitized server-side and client-side
- DisplayName stripped of HTML at registration
- Updated Caddy configs for US and EU with security headers
NEW FEATURES
- Premium account system — Silver (5x), Gold (10x), Platinum (20x) quest rewards
- Premium membership badges on lobby with CSS glow effects per tier
- Premium badges on in-game leaderboard (S/G/P tags)
- Upgrade membership text links in lobby (tier-specific payment links)
- Premium multiplier display on quests page with tier banner
- Offline practice mode — full game running locally with sprites, music, and sound effects
- Version number display on login page
- Changelog page
FIXES
- Share buttons now navigate in same tab for Phantom browser compatibility
- Share state saved to localStorage — verify button shows on return
- Share buttons display on page reload for all quest types (grind, potion, coin, kill orders)
- Blank leaderboard entries fixed — empty displayNames fall back to userId
- Zero-coin accounts filtered from coins leaderboard
- Fixed duplicate ip variable in login endpoint
PERFORMANCE
- Pills render via pre-rendered offscreen canvas (single drawImage per pill)
- Pill batch canvas only rebuilds when camera moves 4+ px AND 500ms elapsed
- Gradual pill loading — 30 pills per frame from queue (no load spike)
- Stable pill store using Map with integer keys (no flickering)
- Local pill drops on death via socket event (instant visibility)
- Pill positions snapped to integers on server and client (no wiggle)
- Bot body repulsion loop removed (was 600,000+ distance calcs/sec)
- Bot AI think timer — recalculates every 300ms instead of every tick
- Bot turn rate reduced to 45% of player rate (gradual, natural movement)
- Far-away snakes (2x viewport) update every 2 seconds with heavy point thinning
- Pill send radius reduced to 800px with per-player caching
- Server tick rate set to 30Hz
- saveGuests() and saveQuestProgress() debounced to 2-second writes
- Death drops capped at 200 pills max, 50% of score
- Pill count target set to 1800 with 1.2x hard cap
MARCH 13 — 14
NEW FEATURES
- Quest system — 11 quests across Social Ops, The Grind, and Kill Orders
- On-chain SLPE rewards with Solscan-verifiable transactions
- Share-to-earn bonus system (+50 SLPE per share on X)
- Quest progress HUD in-game (gold text, flash on update)
- Quest claim with 24-hour window and retry on failure
- EU server setup with cross-region authentication
- Ping display under server buttons with color coding
- Auto-select lowest ping server on first visit
- "BUY $SLPE ON PUMP.FUN" button on game lobby
- CA address link on login page to DexScreener
- "$SLPE on DEX Screener" link on login page
FIXES
- SLPE claim uses correct __initSolana with requireFaucet
- Claim only marks complete after on-chain confirmation
- Bot AI rushes directly at player head when close
- Speed tuned — baseSpeed 117, boostSpeed 195
MARCH 9 — 12
RENDERING
- Snake bodies now have vibrant distinct colors (15 bot colors + green player)
- Head sprites upgrade with score (head.png → head2 → head3 → head4)
- Head sprites rotate with snake direction
- Name labels use Orbitron font, player name in green
QUEST REWARD UPDATES
CURRENT REWARDS
- Follow on X — 300 SLPE
- Join Discord — 500 SLPE
- Join Telegram — 750 SLPE
- Trench Assassin (3 kills) — 150 SLPE
- Trench Warlord (5 kills) — 200 SLPE
- Venom Chugger (5 potions) — 175 SLPE
- Bag Secured (10 coins) — 200 SLPE
- First Blood (1 player kill) — 100 SLPE
- Triple Threat (3 player kills) — 125 SLPE
- Trench Survivor (4 encounters + sell 200 pts) — 100 SLPE
- Apex Predator (hold #1 for 60s) — 350 SLPE
- Retweet + Comment — 500 SLPE
- Share bonus — +50 SLPE per quest