search

hop-protocol / hop-airdrop

Hop Airdrop distribution 🐰
174 stars 218 forks source link

Sybil Attacker Report #151

Closed rotate-eth closed 2 years ago

rotate-eth commented 2 years ago

Related Addresses

UPDATE: Changed addresses to lower case because of #36

21 related addresses:

0x9a5207cf48ac3fb8c0641f994be3697b6cb87763
0xaac9bce1e822e5b781d6dfa45d7d7106493c3bf8
0x28a134384737283413611e338f588f584174ebba
0x807a1cf8586164c3d56fa6bf0295fa358b233b74
0x2f0d075d72662137b39306747b292deec77781f3
0x6c4ba527ced54feb85f85a567ca0691d099209d2
0x8a356368dc9c19dd1622ac5827b25a972368507f
0x1639dde5da203f2f5559e6213fe4e3dc09bed774
0x59d186ce5968b3b5cd6730f45ad4a79c17646e20
0xd52b5da2136081a1df0b065f083e144c96481f2e
0x3658eefb177158ba9105024dc9fd74475e263225
0xcd9e4355fd4e9cd8ef3f08d24170ac8ed3aee594
0xa0d3a145422d9a7ee9ec8f56f5fd69893180f055
0x3def5e9b83911b0dc33c31eb8346b532f1625613
0xb1badf31e4f72bd039fadbf329717b32948b049f
0x23bc38e69cf206da4bf26483465a7f3592caa3ba
0xdf89d08f88ca0197854c6763fc69d36eb9eaee39
0x231dc467b453e40b58ed57d777185025df36025e
0x51f61fad9513d06ccc2ec312b0852913015e612d
0x2abf33485edf704511dfa42dfb8afa71a0450a8e
0x87c0f913352e0472ea8d91b8e93ad834fcd9289e

Reasoning

I have been investigating airdrop farming for the Dex Guru DAO (further info here). As part of that investigation I have looked for clusters of addresses that vote on Snapshot at the same time. I cross-referenced that data with the list of eligible addresses for the Hop airdrop and found one cluster that you have not already removed.

You can see on chain (Ethereum) that these addresses are connected to each-other with ETH transfers. The main nodes in the cluster are 0x2ABF33485eDf704511dFA42DFB8AFa71a0450A8E and 0x87C0F913352E0472eA8d91B8e93ad834FcD9289e.

Methodology

  1. Obtained Snapshot voting times from the Snapshot GraphQL API for proposal 0xcf136bb973e9e9bed205ae0aa58dac6d007130fc5e26822f663cdc7cf8fde5dd. This was an early proposal in the Guru DAO before the airdrop farmers were worried about being caught.

Example Snapshot query

  1. Transform data in Python to sort by created timestamp and take the diff of timestamps.

  2. Find clusters of addresses with small time differences. In this case the votes were performed in a 4 batches. Each batch registered votes at the same timestamp (second).

  3. Confirm connection on chain via Etherscan.

Rewards Address

rotate.eth

litocoen commented 2 years ago

Thanks for reporting!

Can you send me an email? - litocoen.hop.exchange@protonmail.com

Litocoen

shanefontaine commented 2 years ago

Thank you for your report.

Unfortunately, none of these addresses are eligible. All eligible addresses are here.

It looks like those addresses were reported in #9