Coinbase Revoked attestations

[Jkd-eth]

User Story:

As a Product manager at Passport I want to remove/revoke all Coinbase verified attestations So that I can ensure we're not giving points to bots and Sybils

Acceptance Criteria

GIVEN a user has the Coinbase Dual Verification WHEN the Base attestation is revoked. THEN we should revoke the credential within Passport

Product & Design Links:

#### Tech Details: Here's an example: https://base.easscan.org/attestation/view/0xb61910ee82784bf033b8b352c8bd2c098d2ef653e4c4420e831381e3c6d89ead (top right 'revoked' = Yes in the UI) - Ideally we can run a daily cron job to review the attestation status on Base EAS to see those who have the credential and whether it's been revoked - We cannot tell whether the user has revoked or Coinbase has revoked #### Open Questions: - How can we track the accounts that are being used (Coinbase account + Eth account) and flag if an existing Eth address has a new Coinbase account? #### Notes/Assumptions:

[Jkd-eth]

@erichfi I just created this today, but we're seeing Coinbase attestations that are being removed by the Coinbase team after they KYC, but trigger internal controls. I'd like to prevent these users from continuing to receive full points for the Coinbase KYC

[nutrina]

This would require a background job to check for revoked stamps, and delete them from our DB. But we would not be able to revoke on Ceramic.

[nutrina]

As discussed:

• please implement a revocation table
• we will currently revoke based on the proofValue in the VC
• when scoring, for each VC we should check that it was not included in the revocation table
• in the future (once #2038 ) is picked up the revocation table could be extended (or changed) to use another value (like a VC id) to identify the VCs that are revoked
• we will still need a cron job that runs in the background to populate this table