Hello,
Oops.
Seems that while checking why my cashed out coins did not appear on my balance (in fact it was cashed out but never showed in the Android app, because the wallet did not find any peers but showed to be fully synchronized...), I accidentally "hacked" the script that handles the cashouts... (not really, but I accidentally made it pay me more than I wanted/deserved...)
https://prohashing.com/explorer/Bellacoin/883c18f0740ad589463d6e61b0ab901244228fcb6d5a27498055a3f9244137c1/Feeling guilty like a little boy who accidentally broke the sandcastle built by his peers, I decided to return 98% of that 10000 BELA back to your announced Donations address:
https://prohashing.com/explorer/Bellacoin/d34e16a2f35a20993824f519973d4f02631172c916b6246039e8bf60bcce300b/Hope you are fine that I keep 200 BELA for the hassles I had.
I won't describe in more detail what I did (if you want details, please drop me a private message) but in general check the input parameters of your script better for consistency. [Against a truly malicious attacker, certificate pinning would also help.]
It might also improve the user experience if the included wallet was of the "light" kind (only downloads transactions for its own address) instead of "full" (downloads all blocks), and especially if it showed an error in case it was not able to sync (instead of just showing 0 BELA).
[I used the Windows cliend linked in this thread - which took some hours to sync - to refund the amount, that's why it took so long...]
Regards, and good luck with your project anyway,
mihi
