TLDR: Don’t click, or at least don’t meaningfully interact with, Tumblr and DeviantArt connections on user profiles on SRC, as they make you vulnerable to phishing attacks if you try to log in to your account from there. If you don’t believe me, check the Tumblr and DeviantArt connections on my profile, which are implied to go to their respective sites, but clearly don’t.

A few weeks ago, I discovered a bug that could lead to phishing attacks on Tumblr and DeviantArt through SRC, and I reported it to the Support Hub and (the supposedly inactive) security@speedrun.com email. The bug report was marked internally as resolved, yet it still exists as a problem, even after the recent bug fix update, implying that Elo doesn’t see a reason to issue a fix for it. Therefore, I’m just gonna talk about it now so that SRC’s users are aware of it, and hopefully encourage Elo to fix the bug in the process.

Without getting into too much detail, you can put any URL you want in the connection field for the two platforms, and if you put a ? after the URL, any user who clicks the link will be directed to that user specified site, while SRC makes it look like it’s guaranteed to be the website that the icon represents. If a malicious user were to use a lookalike domain (like tumbir.(com) or devianlart.(com) for example), recreate the look of the website, and then ask for credentials, they would manage to convincingly fool users into giving their credentials, using the implied safety given by SRC and Elo. For the time being, until a fix is made, I wouldn’t recommend interacting with Tumblr or DeviantArt connections on profiles, or at the very least not inputting your credentials unless you’re sure that it’s the official site that it’s supposed to be.

Note to Elo staff: Please consider having more correspondence between reporter and staff, like whether or not the bug is being fixed or what reasons there are for the bug not being fixed, especially ones that put user safety at risk :) also bring back the security email thank you

I'm familiar with the process of requesting a game on SR.C and I understand that there is a place where I can check the status of the game request and have the option to withdraw it in the "Pending Actions" tab of my profile. Following this update, and after making a game request through the new Support Hub, I cannot find a confirmation anywhere on the website or in my email. Where am I supposed to go to see my request information?

Is there a reason for the variable for Device (PC, Console, Mobile) to exist, since it's clearly visible from the platform anyways? I'm assuming that it was supposed to be like the Bedrock boards where there are subcategories for each device, but if that's not intended for these boards then does it really need to exist?

Is it possible for missions and individual levels from the Story Mode to be added to the boards, as well as a split for all categories for Bhop Script and Scriptless, much like other old engine games? It's a shame that the boards for this game don't have much effort in them, especially since Any% has no rules specified. I'd love to see it get updated soon.

Just asking whether or not categories such as Two Star and One Star will be added to the Level Leaderboards.