Closed winksaville closed 2 years ago
This faucet has been extremely abused. It seems the faucet has been drained with more than 150k transactions in only 3 weeks. With the minimum transaction size of 6 ETH, this is 900,000 ETH that was drained. The majority of transactions are more like 37.5 ETH.
I suspect the ETH is in the hands of a few abusers and I recommend that the faucet operator cease operating this faucet indefinitely.
I see that @roninkaizen funded this faucet with 6k ETH and that was drained within 2 hours. No one should fund this faucet in its current state.
I will plead guilty to using this source for 37.5 ETH in order to test ETH 2.0 with lighthouse on prater. The first time a week or so ago I had no trouble using the site. Then late last week I decided I wanted to test how lighthouse works with multiple validators for which I need another 32 ETH for each. For the second validator I couldn't get the ETH from the faucet, but @roninkaizen was kind enough to supply them for me.
I don't feel it's desirable for @roninkaizen or a few other individuals to be burdened with doling out ETH. I assume this is a reasonable use for Goerli ETH; what other mechanism can be used to secure ETH for this type of usage?
One idea is to have an ETH2 deposit faucet where you can paste in your deposit data and the faucet/bot will make the 32 ETH deposit on your behalf. This serves the purpose of ETH2 testing without the high risk of misuse or abuse of the faucet.
> One idea is to have an ETH2 deposit faucet where you can paste in your deposit data and the faucet/bot will make the 32 ETH deposit on your behalf. This serves the purpose of ETH2 testing without the high risk of misuse or abuse of the faucet.
This takes away from the original experience of testing and still doesn't really solve the problem. The bots can automate generating deposit data relatively easily. The abuser(s) are not using the GoETH they have accumulated. The only real solution I see is to reduce the drip amount to a very small number.
FWIW The faucet already has more protection than the Rinkeby faucet:
Hmm, sounds good except I think instructions, such as Obtain testnet ETH at coincashew.com would change. And, I think, more importantly that means the prater launchpad instructions would end up being different as the "Upload deposit data" and "Connect wallet" would be removed, correct?
> The only real solution I see is to reduce the drip amount to a very small number.
This will only slow down the attacker. 130k transactions in 3 weeks is significant.
> still doesn't really solve the problem.
Actually, it does. An attacker can't abuse the GoETH since it can only go to the eth2 deposit contract. I agree, this would be a different experience and does not solve the problem of "how do I get GoETH for arbitrary testing on goerli?". My solution only addresses how to stop the abuse while allowing ETH2 testing.
> This will only slow down the attacker. 130k transactions in 3 weeks is significant.
In reality, it does not slow down the pure "attacker" because they can keep attacking and draining in parallel. My point is that there is no pure "attacker" on the testnets right now. The recent spam was due to the fact that ethswarm allowed people to profit from the spam. As long as we can slow down the drip to not be profitable, we should be good.
> Actually, it does. An attacker can't abuse the GoETH since it can only go to the eth2 deposit contract.
There's already enough GoETH in hands of bots that they can keep Goerli spammed for a long while. Also, a pure attacker does not need to get their hands on GoETH as long as they can keep making the faucet do the spam on their behalf.
> My solution only addresses how to stop the abuse while allowing ETH2 testing.
What abuse does your proposal stop? As long as there is an API you can hit to do a tx for free (faucet), you don't need any GoETH to spam the network.
> In reality, it does not slow down the pure "attacker" because they can keep attacking and draining in parallel. My point is that there is no pure "attacker" on the testnets right now. The recent spam was due to the fact that ethswarm allowed people to profit from the spam. As long as we can slow down the drip to not be profitable, we should be good.
The ethswarm airdrop period ended on June 21, yet the faucet is still being drained very quickly. I don't think ethswarm is to blame. Attackers will drain a faucet until there is nothing left for any reason. Set the drip to 0.1 and you'll probably see an even higher transaction frequency.
> There's already enough GoETH in hands of bots that they can keep Goerli spammed for a long while. Also, a pure attacker does not need to get their hands on GoETH as long as they can keep making the faucet do the spam on their behalf.
What is your point here? Let these parties have more GoETH because they already have so much?
> What abuse does your proposal stop? As long as there is an API you can hit to do a tx for free (faucet), you don't need any GoETH to spam the network.
My proposal makes 1 faucet drip equal to 1 goerli transaction for ETH2 testing. Giving out 37.5 ETH means that an individual can use this ETH to make many arbitrary transactions, including transactions to grief, spam, or simply hoard ETH so that no one else can use the faucet.
The mudit faucet has given out 10M goerli ETH in less than 2 months. What is a valid use case to give out so much ETH? That's about the same amount as both current ETH2 testnets combined. It's clear that users of the mudit faucet are not using it for ETH2 and I think this faucet is dangerous to continue operating as it does today.
> The ethswarm airdrop period ended on June 21, yet the faucet is still being drained very quickly. I don't think ethswarm is to blame. Attackers will drain a faucet until there is nothing left for any reason. Set the drip to 0.1 and you'll probably see an even higher transaction frequency.
Rinkeby has weaker protection but it has not been drained because there's no way to convert Rinkeby ETH to real money. The spam on the goerli faucet started after Ethswarm rewards were announced. It was working fine for like 2 years before that. You can trace the spam drips to being used for Ethswarm stuff. Sure, some bots that were set up during Ethswarm are still active and spamming. I am literally receiving over 2 million requests per day on the faucet and over 10 million on my RPC endpoint. However, the numbers are steadily decreasing.
> What is your point here? Let these parties have more GoETH because they already have so much?
My point is that your concerns are misplaced. "a pure attacker does not need to get their hands on GoETH as long as they can keep making the faucet do the spam on their behalf."
> My proposal makes 1 faucet drip equal to 1 goerli transaction for ETH2 testing.
Except now the attacker can simply send a gazillion of these requests which will not only spam the goerli network but also prevent people from testing eth2 (since only a limited number of new nodes can come up).
> The mudit faucet has given out 10M goerli ETH in less than 2 months. What is a valid use case to give out so much ETH? That's about the same amount as both current ETH2 testnets combined. It's clear that users of the mudit faucet are not using it for ETH2 and I think this faucet is dangerous to continue operating as it does today.
Nobody said that these drips have been used mainly for eth2. As I've said before, these are being used by bots to gain ethswarm rewards. You can fairly trivially track these funds. Since the day the spam started, I have been suggesting to drop support for eth2 testing and limit the drip to 0.1 ETH. See the gitter validator chat for details. Nobody is suggesting to continue dripping 37.5 ETH.
Hi!
Rinkeby goes super slow for development, Ropsten the same, Kovan is not available in the Alchemy API, and the Goerli faucet is not working... is there any solution for this? (A faucet in this case; also, if someone has advice for these situations, it is also welcome ;) )
Some Chinese billionaire believes that Goerli Ether will be used for Eth2 staking in the future. So now, there is an army of people trying to sell him Goerli Ether from wherever they can get them, and therefore all our faucets are being drained. It sucks.
Post your address. I can help you out.
> Some Chinese billionaire believes that Goerli Ether will be used for Eth2 staking in the future. So now, there is an army of people trying to sell him Goerli Ether from wherever they can get them, and therefore all our faucets are being drained. It sucks.
> Post your address. I can help you out.
0x06b9F606496b6CF2F6E0c2c7093Ba0631cc5b48C
> Some Chinese billionaire believes that Goerli Ether will be used for Eth2 staking in the future. So now, there is an army of people trying to sell him Goerli Ether from wherever they can get them, and therefore all our faucets are being drained. It sucks.
> Post your address. I can help you out.
0xB27Bcd4dE3E447056bD99e5758F1D602F6c2090B
> Some Chinese billionaire believes that Goerli Ether will be used for Eth2 staking in the future. So now, there is an army of people trying to sell him Goerli Ether from wherever they can get them, and therefore all our faucets are being drained. It sucks.
> Post your address. I can help you out.
Can you please send eth to this address 0xA49803F5A87e6eAc1A37A18B0149d59Cef9D0E11
> Some Chinese billionaire believes that Goerli Ether will be used for Eth2 staking in the future. So now, there is an army of people trying to sell him Goerli Ether from wherever they can get them, and therefore all our faucets are being drained. It sucks.
> Post your address. I can help you out.
Thank you so much 0x08A0bDE0976F452e922a5e7d476ca21458064cCa
> Some Chinese billionaire believes that Goerli Ether will be used for Eth2 staking in the future. So now, there is an army of people trying to sell him Goerli Ether from wherever they can get them, and therefore all our faucets are being drained. It sucks.
> Post your address. I can help you out.
This has seriously affected developers' testing. Can you confirm this false statement, so as to reduce this endless consumption. My address, thank you: 0x35c1a59318c2bfc17586e2b7eb9dfc4db8689c67
Closing in favor of #97
faucet.goerli.mudit.blog is unable to dispense funds and is reporting "Insufficient funds for gas * price + funds". It has been broken for two days.
The workaround has been for several of us to request funds on the gitter channel and @roninkaizen has been kind enough to send funds.