filecoin-project / Allocator-Governance

Community Diligence Review of VSTAR allocator #111

Closed filecoin-watchdog closed 1 month ago

filecoin-watchdog commented 2 months ago

@DDUPA Allocator compliance report: https://compliance.allocator.tech/report/f03019863/1721404138/report.md

Allocations look good

No sign of KYC

Only one client, onboarding 15th+ copy of common crawl to Filecoin LINK - how is this copy justified as different than the others?

Example 1: https://github.com/FIL-VSTAR/v5-notary/issues/7

CID report: https://check.allocator.tech/report/FIL-VSTAR/v5-notary/issues/7/1718961740059.md

SPs not matching those provided by client. All SPs likely same Entity. Retrievals at 0% but client received 3.5PiBs. Allocator closed the application - flag flag flag flag

Consider further review of this client and SP IDs on other examples of abuse

DDUPA commented 2 months ago

@filecoin-watchdog

Thank you for pointing out the issues in our work. We highly value your feedback and are continuously reflecting and optimizing our processes. In response to your concerns, we have provided the following answers:

1. Regarding the retrieval issue: The client is not incapable of performing retrievals; the problem arises from their use of the Venus system, which is incompatible with Spark. We have recognized this technical hurdle and have decided not to collaborate with storage providers (SPs) using the Venus system until they resolve the compatibility issue with Spark, to ensure the continuity and efficiency of our services.

2. Regarding the suspicion of same Entity: This client has applied for allocations from six different notaries, indicating a pursuit of diversified cooperation opportunities. Questioning whether the six notaries and the client belong to the same interest group requires further investigation and evidence. Currently, there is no direct evidence indicating self-dealing.

3. Regarding the uniqueness of each copy: Considering the vast size of the dataset and the extremely low probability of identical data pieces, we will conduct a check on the piece CID of the data after sealing a portion of it. If we find that the piece CID of a client's data is identical to that of another client, we will immediately cease quota supply to that client.

4. Regarding the KYC issue: At the time, we overlooked the KYC process because we believed that the client had applied for allocations from six different notaries, several of whom had already approved the client's application. Additionally, our communication with the client was primarily conducted through Slack. Regardless, this was an oversight on our part. In our subsequent work, we will rectify this by ensuring that all clients undergo rigorous KYC processes.

Considering the issues with retrieval, we have suspended the processing of this client's application prior to this.

DDUPA commented 2 months ago

To better manage the usage process of storage clients, if a client needs to add a storage client that is not on the application list, please submit an application at https://github.com/FIL-VSTAR/v5-notary/issues. Our team will review the client's application. If the application does not meet the requirements, we will not be able to approve the next batch of allocations.

galen-mcandrew commented 1 month ago

Based on a further diligence review, this allocator pathway is partially in compliance with their application.

Specifically:

Given this mixed review, we are requesting that the allocator verify that they will uphold all aspects & requirements of their initial application. If so, we will request an additional 2.5PiB of DataCap from RKH, to allow this allocator to show increased diligence and alignment.

@DDUPA can you verify that you will enforce program and allocator requirements? (for example: public diligence, tranche schedules, and public scale retrievability like Spark).

Please reply here with acknowledgement and any additional details for our review.

DDUPA commented 1 month ago

@galen-mcandrew

Thank you again for your review and trust. We confirm that we will execute according to all the requirements and aspects outlined in the initial application.