hop-protocol / hop-airdrop

Hop Airdrop distribution 🐰

Sybil Attacker Report #121

Open a0910841082130913312 opened 2 years ago

a0910841082130913312 commented 2 years ago

Related Addresses


Reasoning

Addresses which receive native token (ETH on Arbitrum/Optimism/Ethereum, MATIC on Polygon) via disperse.app are controlled by the same user. Therefore, if two addresses in the airdrop list have received native token from the same disperse.app transaction, they should be counted as sybils.

Methodology

  1. Query all disperse.app transactions on Arbitrum, Optimism, Ethereum, and Polygon (see disperse.py).
  2. For each disperse.app transaction, examine internal transactions that transfer native token. Record all disperse.app transactions that send native token to an airdrop eligible address (see disperse.py, disperse_data.csv).
  3. Filter for disperse.app transactions that send native token to 2 or more airdrop eligible addresses. These destination addresses constitute the list of sybil addresses.

See disperse_data_filtered.csv for a list of disperse.app transactions that send native token to airdrop eligible addresses. Each row is one transaction (precisely, one internal transaction which sends native token), and all disperse.app transactions listed in this table send native token to two or more airdrop eligible addresses.

Filtering was done with the following R code:

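library(readr)
library(dplyr)

# Count distinct airdrop-eligible destinations per disperse.app transaction
df = read_csv('disperse_data.csv')
df = left_join(df, summarise(group_by(df, network, tx), n=length(unique(destination))), by=c('network', 'tx'))
# Keep only transactions that sent native token to two or more eligible addresses
df = filter(df, n > 1)
write_csv(df, 'disperse_data_filtered.csv')
write_lines(unique(df$destination), 'disperse_data_sybiladdresses.txt')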

Rewards Address

0x61C1511D2645C1Fd1C5e71f07586d35779D85D79

Attachments

Provided as .txt as .py cannot be uploaded: disperse.py.txt disperse_data.csv disperse_data_filtered.csv

rotate-eth commented 2 years ago

Your API keys are in the Python file.

rotate-eth commented 2 years ago

As additional evidence, I found that many of these addresses have identical timestamps in the provided user data. I believe this means their first Hop transfer was executed in the same block?

address | totalTxs | totalVolume | timestamp | diff (seconds)
0xac9d1dacc304715b4d47791cc937b19dbeedb907 | 12 | 1687.89 | 1639637195 | NaN
0xf225295bf689dfc9eb2a2305ec7b4d505c92a4f8 | 12 | 1691.26 | 1639637195 | 0
0xcf2a1afe14bc0c9ecbda9142415c078d76c3325a | 12 | 1688.68 | 1639637200 | 5
0x1a03dea2fbd2e338ff25382c2eae97a163a48fee | 12 | 1689.36 | 1639637205 | 5
0x2691dfa2997382738783fbca51e4424fab8bb2a5 | 12 | 1690.7 | 1639637205 | 0
0x2ec75b5178ce60d1ba7c2e6d59c41e5eea2f127e | 12 | 1686.16 | 1639637205 | 0
0x486e84bc8f5ff529169d62f7c8230dd906db8b50 | 12 | 1688.56 | 1639637205 | 0
0xf0cab4ad737ec90b087b9a2e5049e85b2d0acf84 | 12 | 1687.92 | 1639637205 | 0
0xf812bf8d5f8308d3449baec8e545a8413dc52bcb | 12 | 1689.26 | 1639637205 | 0
0xfc1237b84e686e6932948014afe32158c64aff3f | 12 | 1688.56 | 1639637205 | 0
0x6def6bb054bbdd89649ea18b9dc71a06ef4bfea2 | 12 | 1687.92 | 1639637210 | 5
0x40e32323fceb42b7d60ca5efff64ff4214b7bb26 | 12 | 1689.21 | 1639637245 | 35
0xc4b3da8bdae1a7d81819ba46efd880d87c2a4ca8 | 12 | 1689.57 | 1639637245 | 0
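
Steps 2-3 of the report's methodology combined with the first-transfer timing check from the comment above, as an added example that is not part of the thread and is not the submitter's disperse.py. Addresses and transaction ids are constructed labels, and the function names and the 60-second window are assumptions.

```python
from collections import defaultdict

# Constructed sample data: labels stand in for addresses and tx hashes.
ELIGIBLE = {"addr_a", "addr_b", "addr_c", "addr_d", "addr_e", "addr_f"}
TRANSFERS = [  # (network, disperse tx, destination of native-token transfer)
    ("optimism", "tx_1", "addr_a"), ("optimism", "tx_1", "addr_b"),
    ("optimism", "tx_1", "addr_c"), ("optimism", "tx_1", "addr_x"),
    ("polygon", "tx_2", "addr_d"), ("polygon", "tx_2", "addr_y"),
    ("arbitrum", "tx_3", "addr_e"), ("arbitrum", "tx_3", "addr_f"),
]
FIRST_HOP_TS = {  # first Hop transfer per address, Unix seconds (constructed)
    "addr_a": 1639637195, "addr_b": 1639637195, "addr_c": 1639723600,
    "addr_e": 1639637205, "addr_f": 1641000000,
}


def funding_clusters(transfers, eligible):
    """Steps 2-3: eligible destinations grouped per (network, tx), size >= 2."""
    groups = defaultdict(set)
    for network, tx, dest in transfers:
        if dest in eligible:
            groups[(network, tx)].add(dest)
    return {key: dests for key, dests in groups.items() if len(dests) > 1}


def timing_runs(addresses, first_ts, window=60):
    """Runs of 2+ addresses whose consecutive first-transfer gaps are <= window."""
    known = sorted((first_ts[a], a) for a in addresses if a in first_ts)
    runs, current = [], []
    for ts, addr in known:
        if current and ts - current[-1][0] > window:
            runs.append(current)
            current = []
        current.append((ts, addr))
    if current:
        runs.append(current)
    return [{a for _, a in run} for run in runs if len(run) > 1]


def triage(transfers, eligible, first_ts, window=60):
    """Per cluster: addresses with both signals vs. shared funding only."""
    report = {}
    for key, dests in funding_clusters(transfers, eligible).items():
        corroborated = set().union(*timing_runs(dests, first_ts, window))
        report[key] = {"both": corroborated, "funding_only": dests - corroborated}
    return report
```

Addresses left in `funding_only` are the ones where the shared disperse.app transaction is the sole evidence, which is the group the false-positive criterion is concerned with.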

shanefontaine commented 2 years ago

@0910841082130913312

Thank you for the submission. Unfortunately, this submission does not meet one of the criteria for submissions:

Methodology that has a non-negligible chance of eliminating legitimate users will not be considered

There will need to be additional proof submitted in order to consider this a valid group that does not include any legitimate users. Please consider providing more information about the behavior of these addresses, such as identical types of transactions or similar timing of transactions. Please note that if another user submits an issue with a detailed, non-negligible chance of eliminating legitimate users, their submission will be considered before yours.