search

hop-protocol / hop-airdrop

Hop Airdrop distribution 🐰
176 stars 218 forks source link

Sybil Attacker Report #559

Closed rchen8 closed 2 years ago

rchen8 commented 2 years ago

Related Addresses

0x91ed916492576a23e1c77a483cec60a6fac8f38b
0x1512be4ac080f24f0e200d403a396e7645e38deb
0xae02f6c3b8e944b0ba03e4129c5e8be92500db33
0x9e1de22c24f68cc7ba5add6a90ff10fe092b7c5e
0xc90963a2e7e46b53cdc42bbd9ca049845b308958
0xfc73f0b473e47f9890d3ce7bd437d69b1ab8fb00
0x527b64c83573ac0427fa444b98974d4a3909cdc4
0xc17daf57c32d899223ac6a45e27e03e332f28d52
0x54dc71f13a97728ddee14ff08ecc854e57a048ff
0x6a9a4b0a8d0d97d4dfd8406ff8e16d78d7e402c1
0xea9fa1c3c5fb1ce48b86f9903dede2ffa3519155
0x82ab383e5b43c9be62f7dba8539896f439fa3c8c
0x833812fa375cd0f9359699a351ad306868071580
0xa50c929258c264b4da2fa784d512f6cfa4b759e2

Reasoning

Screen Shot 2022-05-21 at 8 21 06 PM

Ignore 0x350 in the graph above. All 14 addresses belong to the same connected subgraph component, in which the edges are Polygon transactions between addresses. Additionally, they all form a strongly connected component, which means it's very highly likely they all are controlled by the same Sybil attacker if every address is reachable from every other address (though cycles formed by both to and from transactions).

Date # Addresses
2021-10-23 9
2021-11-22 5
2021-10-24 4
2021-11-21 4
2021-11-18 3
2022-03-06 3
2021-11-17 2
2021-10-22 2
2022-03-08 2

As an example from the table above, on 2021-10-23 the following nine addresses sent multiple transactions to and from Polygon and Gnosis Chain, with values of ~200 USDC and/or ~600 USDC.

  1. https://explorer.hop.exchange/?account=0xae02f6c3b8e944b0ba03e4129c5e8be92500db33
  2. https://explorer.hop.exchange/?account=0x9e1de22c24f68cc7ba5add6a90ff10fe092b7c5e
  3. https://explorer.hop.exchange/?account=0xfc73f0b473e47f9890d3ce7bd437d69b1ab8fb00
  4. https://explorer.hop.exchange/?account=0x527b64c83573ac0427fa444b98974d4a3909cdc4
  5. https://explorer.hop.exchange/?account=0xc17daf57c32d899223ac6a45e27e03e332f28d52
  6. https://explorer.hop.exchange/?account=0x54dc71f13a97728ddee14ff08ecc854e57a048ff
  7. https://explorer.hop.exchange/?account=0xea9fa1c3c5fb1ce48b86f9903dede2ffa3519155
  8. https://explorer.hop.exchange/?account=0x82ab383e5b43c9be62f7dba8539896f439fa3c8c
  9. https://explorer.hop.exchange/?account=0x833812fa375cd0f9359699a351ad306868071580

Methodology

maxresdefault

I implemented the Union-Find algorithm, which is a famous graph algorithm that gets all of the connected subgraph components in O(1) time. The nodes in the graph are from the most up-to-date list of eligible airdrop addresses. The edges in the graph are from using Covalent's API to find transactions that connect between these addresses.

Finding the timestamps of Hop transactions per address is done using the Hop Explorer and reverse engineering their API so I can automate it. :)

Rewards Address

0x9bb82fbf10cF4959909BAB9bE07805bd1d28D04A

rchen8 commented 2 years ago

Already merged in #527