Pure Sports. Real Rewards.
Another massive week of building at SportsBlock. 20 commits landed across security hardening, new features, critical bug fixes, and infrastructure improvements. Here's what shipped.
Highlights
Server-Side Drafts
Drafts have been moved from browser localStorage to the server-side database. Your drafts now sync across all your devices — start a post on your phone, finish it on your laptop. Full CRUD API with session authentication and ownership verification. Thanks to 
IPL Cricket Match Threads
Live IPL cricket match threads are now powered by the ESPN API. Follow along with live match discussion, post your hot takes as Sportsbites directly into the match thread, and watch the action unfold in real time.
Google OAuth Fix
A nasty redirect loop was blocking new Google sign-up users from getting into the app. The root cause was a race condition between NextAuth session reads and our auth bridge — the app was redirecting users to the landing page before their session was picked up. Fixed with a pending state that keeps the loading screen up until the bridge resolves. No more infinite loops.
Comprehensive Security Review
A full code review landed with 2 critical, 5 high, and 3 medium fixes:
- CSRF protection added to all 13 IPL Boundary BlackJack, Last Man Standing, and Drafts write routes — previously unprotected
- Staking rewards retry bug fixed — distributions beyond the top 100 stakers were being silently truncated
- Zod validation replaced manual typeof checks across 8 API routes
- N+1 query batched in IPL BB match resolution
- Error logging added to 8 swallowed catch blocks across badge and prediction routes
- New Prisma indexes on
IplBbPick.username,IplBbMatch.status,LmsPick.result - Dead code cleanup: unused hooks, abandoned feature folders, duplicate files
Prediction & HiveSigner Fixes
- Server-side dedup guard prevents double-submit on mobile Keychain browser
- HiveSigner sign popup no longer fails with "no transaction ID" — uses hive-uri template syntax and account history fallback
- Stake retry now uses exponential backoff so tokens already on-chain don't get silently lost
Brand & Motion System
- New BlockchainSpinner component — hex SVG spinner reserved exclusively for blockchain write operations
- 10 pages migrated from full-page spinners to skeleton shimmer loading
- Animation durations aligned to brand tokens across the app
- Win-state spring animation variant added for MEDALS counter
Other Notable Changes
- GAA sport category added for Irish sports fans
- In-feed ads added to the Discover page (every 10 posts, matching existing feeds)
- Privacy/Terms redirects —
/privacyand/termsnow redirect to/legal/*paths for external service compliance - Twitter/X card image updated with cache busting
- BaseModal focus trap fix — inputs inside modals no longer lose focus on every keystroke
- Masters contest card and marketing assets added
- Auth components scaffolded — new heading, email, Hive wallet, and username prompt UI components
- HiveSigner test suite — 26 new tests covering token management, OAuth broadcast, and sign popup flows
- Marketing pipeline — full CSV-driven Buffer API pipeline with 156 tweet variants, auto image attachment, and scheduling
By the Numbers
| Metric | Value |
|---|---|
| Commits | 20 |
| Lines added | ~12,200 |
| Lines removed | ~2,000 |
| PRs merged | 4 (#49, #51, #52, #53) |
| Security fixes | 10 (2 critical, 5 high, 3 medium) |
| New test cases | 33+ |
MEDALS Token Allocation
SportsBlock's MEDALS token economy continues to grow and 307 tokens were allocated to MEDALS stakeholders last night.
The rewards distribution account (sportsblock) holds 5.25M liquid MEDALS reserved for ecosystem rewards.
Marketing Pipeline
I am playing about with Figma so that all competitions / predictions are coded on brand and also presented to social media on brand also to build a brand identity. Google Adsense is coming soon and adverts will be on every 10th sportsbite adding another sink to purchase MEDALs with.