search

safe-global / safe-user-allocation-reports

The proposed list of SAFE user allocations has been published on the Safe forum.
Creative Commons Zero v1.0 Universal
34 stars 10 forks source link

Sybil Attacker Report #341

Closed Parkcora closed 2 years ago

Parkcora commented 2 years ago

Related Safe Addresses:

Group 1

0x199874b895ad562e2a294b7e4d067c879ca6db32(start point)
0x66ffd3e95a222c6b84148a18b0a52b0e0c4b477e
0x0771602cbe07b110166f2c6a75c9fa09f2b0f1ed
0x1c435160ebfcf88d98247c8b3fc366c1c154a069
0xb0ecdd2c63581e5181f727f9b58a13a719a47bad
0x8cb417e2a7e6658f9b1f70361c70ba90fc3939d8
0xc1d905c3305e8e5713c852df0a27b86b34832f13
0xa5cdd1409bd40fd76817b936f85a539d2e72496c
0xdc02c33ce0d46bd1496b42858ed78e2d98f10008
0xebd03dc9769d3b6ececb90192b1be84be8594de9
0xda868e1f8e1a4754af63907632c2b27015da078a

Group 2

0x199874b895ad562e2a294b7e4d067c879ca6db32(start point)
0xd2aa0f4dd20c67587e061d98d1a74ff603bfba6f
0x7dc5597632176999aecce1e6ebfc4ad08ebe684b
0x55d582b3dd82c92a0e2b14a57e2019c078c62507
0x2e4de23bd96232eff0caefddc28ec84ad01d780d
0xede2442f70c23fcfbde099dbbafb1c0b175eeecd
0x806dc7529c947c64c6c7eb19525c97f7f4a2dc8a
0x6b56a23374ce7940f6e27f5f42ea1f7442b813c7

Reasoning

Group1 and Group2 are two interaction activities path under one Sybil Attacker control(from same start point), here is the proof:

  1. All safe addresses of two group were created from 2022-04-11 to 2022-04-12
  2. All safe addresses transfer 3-5 USDC to the next address on 2022-05-07 or 2022-05-15 one by one sequentially and consecutively in this group. The timestamps of these tx's in each path are continuous. Details are in the following table.
  3. Those addresses only interacted with gnosis safe.
  4. All the addresses have 7 to 9 transactions.
  5. All the addresses have 3-5 ERC20 token transactions.

Group1 path:

safe address tranfer to next address
0x199874b895ad562e2a294b7e4d067c879ca6db32 https://etherscan.io/tx/0xc4a7fafe9037a981c99361f43ef447c52beec74e962e70f45a92ee396a0e40cf
0x66ffd3e95a222c6b84148a18b0a52b0e0c4b477e https://etherscan.io/tx/0x29b9e1d5446deca24f99eedfa2d0b847c70235a0aa7cd3a8819e4fbdd456931b
0x0771602cbe07b110166f2c6a75c9fa09f2b0f1ed https://etherscan.io/tx/0x69723dde13fe9f745a424a860eb7d8ecf33d73d6a9e5f3b04856fbdea3e84978
0x1c435160ebfcf88d98247c8b3fc366c1c154a069 https://etherscan.io/tx/0xeb955da3ec16628722cae6059605d33b43c6136eeefead50596a1abf09f90f9f
0xb0ecdd2c63581e5181f727f9b58a13a719a47bad https://etherscan.io/tx/0xe68f798274a5cce005d250018adc8f77de6758afe79fe825fb431fa224fa311c
0x8cb417e2a7e6658f9b1f70361c70ba90fc3939d8 https://etherscan.io/tx/0x4fbf51f932e011e1c8ec213c702de1d0efce972218bf586952a1038dabba4e60
0xc1d905c3305e8e5713c852df0a27b86b34832f13 https://etherscan.io/tx/0xd3ba599cd9f1482316198acd0df15f945d91c74bf00d686b56ab440f1e9b4d24
0xa5cdd1409bd40fd76817b936f85a539d2e72496c https://etherscan.io/tx/0x45e9367cd90361a1c67e11cb42edb311167167c7219b2ea5ca49a086d94ed3cf
0xdc02c33ce0d46bd1496b42858ed78e2d98f10008 https://etherscan.io/tx/0xf6189aa4a588b42ab81220f0b266f162bdb526e2cf7951bd1f06471dd77d9386
0xebd03dc9769d3b6ececb90192b1be84be8594de9 https://etherscan.io/tx/0x9a666ba2080319a79734aa4502c0f2f189f5f26cd2ebc1a358d04f6faef972c5
0xda868e1f8e1a4754af63907632c2b27015da078a

Group2 path:

safe address tranfer to next address
0x199874b895ad562e2a294b7e4d067c879ca6db32 https://etherscan.io/tx/0x136848d1fec056ec3606696ed50edc430d72bdc2e8dab4d4be49a90b08f49e64
0xd2aa0f4dd20c67587e061d98d1a74ff603bfba6f https://etherscan.io/tx/0xb1f110e5363de0307c081b0e1dc6074f9c646bb4ec4e765af45049a361a6c9ef
0x7dc5597632176999aecce1e6ebfc4ad08ebe684b https://etherscan.io/tx/0xa44c741fce44b5e39521e60d365bc666743468ba78be299629704598858623a5
0x55d582b3dd82c92a0e2b14a57e2019c078c62507 https://etherscan.io/tx/0x162863dea9ad6bdd1d810b0cbeab69685b62ad99c0576c8abe225d3a57bc8aac
0x2e4de23bd96232eff0caefddc28ec84ad01d780d https://etherscan.io/tx/0x540a9f420aeb5122ee1da2714c5aff1b8fa30ff4e84c943912e1ceb824205269
0xede2442f70c23fcfbde099dbbafb1c0b175eeecd https://etherscan.io/tx/0x8b9412bcff6ed8ead02911504c9962cb67317907dba0613bd616748d5fbfb9e7
0x806dc7529c947c64c6c7eb19525c97f7f4a2dc8a https://etherscan.io/tx/0x2f9cdc05639b9efb812eb8a4664f69a3150753dfd7703af9a3e54eb44bee3b59
0x6b56a23374ce7940f6e27f5f42ea1f7442b813c7 https://etherscan.io/tx/0x8b9412bcff6ed8ead02911504c9962cb67317907dba0613bd616748d5fbfb9e7
safe address creator address
0xdc02c33ce0d46bd1496b42858ed78e2d98f10008 0xc213b1d0db3b5c834174451a45af54cd701c2935
0x1c435160ebfcf88d98247c8b3fc366c1c154a069 0x74d296c6c3236b7358321857b31b99868fc2b9fb
0x199874b895ad562e2a294b7e4d067c879ca6db32 0xdb289b4175b27269cab6983092a87ec30233c44d
0xede2442f70c23fcfbde099dbbafb1c0b175eeecd 0x4b98d9741aecff489020c67ec55653561b8828e4
0xd2aa0f4dd20c67587e061d98d1a74ff603bfba6f 0x88e5d41e35ff9fd7e1a134c04f7303a6c52ed86d
0xa5cdd1409bd40fd76817b936f85a539d2e72496c 0x29eb16d56c48fb2a0d0089993e9fe5e52f1b0105
0x8cb417e2a7e6658f9b1f70361c70ba90fc3939d8 0x6f7d299b43ab1c500d9f87d6eb67a96dc1ed0d91
0x66ffd3e95a222c6b84148a18b0a52b0e0c4b477e 0x3984c353e77d4eac4b61fc249dbaffc24900dbe8
0xb0ecdd2c63581e5181f727f9b58a13a719a47bad 0x821d33a9a1650548368e1a8f33d1ea5276a1f415
0xc1d905c3305e8e5713c852df0a27b86b34832f13 0x7b24adf8c37314bf9bf3d2062cae717e5ef73e8a
0xebd03dc9769d3b6ececb90192b1be84be8594de9 0x5fdc748978bd9d483793766a34cf72f7c01a337b
0xda868e1f8e1a4754af63907632c2b27015da078a 0x68a0d35ec89683c1dce4536578c300d32b94f75d

Methodology

It can be identified by visualization and further analysis of the details of the above transaction listed.

Safe Address

0xD50fF80Ce8EFc38D024272f4019978Dc017eA200

Parkcora commented 2 years ago

Other issues contained these safe addresses are all marked invalid. This is too. But the reason stated here is more than enough to identify farming behavior. Could you please provide a little bit of the reason why this is invalid? Thanks. @johannesmoormann