gitcoinbot
commented
4 years ago Issue Status: 1. Open 2. Started 3. Submitted 4. Done
This issue now has a funding of 777.0 DAI (777.0 USD @ $1.0/DAI) attached to it as part of the AdExNetwork fund.
- If you would like to work on this issue you can 'start work' on the Gitcoin Issue Details page.
- Want to chip in? Add your own contribution here.
- Questions? Checkout Gitcoin Help or the Gitcoin Slack
- $68,721.73 more funded OSS Work available on the Gitcoin Issue Explorer
cankisagun
Ivshti
vs77bb
jules
Prize title
PoC for resource-bound bot prevention (fraud resistance)
Prize Bounty
777 DAI
Challenge Description
Problem
Online advertising is plagued by all types of fraud. One of the most prominent types is bot traffic and/or click fraud.
Simple methods of estimating user uniquiness such as using an IP do work, but are ultimately unsound because (1) users can share a single IP and (2) multiple IPs can be bought/rented through proxy networks.
The main problem we want to address here is that: despite the validator limits, if you have a sufficiently large pool of IPs, you can keep POST-ing IMPRESSION/CLICK events, and they will be recorded.
For background on AdEx, see AdEx protocol. Please read this before starting work, it will give you essential context on how to build the solution.
Solution
It's fundamentally impossible to distinct bot traffic from human traffic (without methods that compromise privacy, such as KYC), but it is possible to make bot attacks more expensive without impacting UX for end users.
Initially, a property in
campaignSpecwill be added to enable the mechanism. When enabled, the validators would check for a PoW solution upon eachpostEvents(implemented in Sentry'saccesslib). It should work alongside the limiting mechanisms already present in theaccesslib (IP rate limiting).What will be submitted is a
saltand ahash. The hash must be a solution to some configurable difficulty, and the preimage must be(salt, publisherAddr, eventType, timeFrame, IP). This way, you can't reuse solutions for different IPs/timeframes./publishers.The solution would be computed in the AdView using WebGL, leveraging GPU parallelism as much as possible, to prevent CPU-only servers being efficient.
Furthermore, there could be a minimum size for the salt parameter because most residential IP proxy services are priced by data (e.g. 15$ per GB that's 50k impressions, so 20KB per impression.
The ultimate goal is to make bot-based fake traffic much more expensive, therefore rendering them economically unviable.
PoW algorithm
It has to be decided what PoW algorithm will be used.
Essentially it boils down to: identify a hash/PoW algo that would be efficient on a GPU but inefficient on CPUs and can be implemented in WebGL, and then implement it.
ProgPOW or RandomX may be a good fit for this.
Submission Requirements
Develop a proof-of-work library that is more efficient to run on the GPU through WebGL than on a single DigitalOcean CPU core (General Purpose droplet).
Apply it in the AdEx stack by submitting relevant PRs to the AdView and the Validator. Make in an optional feature triggered by a flag in
campaignSpecand verified in the validator'saccesslibrary.A PR must be made to the following repositories:
Submission Deadline
30/03/2020
Judging Criteria
Because of the complexity of the task, each submitted solution will be looked at individually to judge it's potential to prevent bot-based ad fraud.
The solution must be more efficient on a GPU through WebGL than on a CPU natively, and must be able to be computed in the browser without blocking the page.
Winner Announcement Date
15/04/2020