search

safe-global / safe-user-allocation-reports

The proposed list of SAFE user allocations has been published on the Safe forum.
Creative Commons Zero v1.0 Universal
34 stars 10 forks source link

Sybil Attacker Report #368

Closed sixbrand closed 2 years ago

sixbrand commented 2 years ago

Related Safe Addresses

0x659d1bf186cbf39a58a557223a3b9276c813be3f 0xafae46de8751a4b24d20e6a7b6f6a085350c8a0e 0xb43a4105386cd15a7c8fad7d4d62d5187ab85042 0x3e6910c36939d43ebd8f5283ea2f09c2df00075b 0x2d1de4286bd8c78c882a1c2947632fbcc90e55b2 0x5c8b77fde512d78097f5ec10db4c20e7d1366225 0xdba9f9cfc5d6547478518009c18f898ca174c9f6 0xe738628737657ddefb4aef226e6190e90ed564b6 0xc47b968c391347a3c614e4210e8d1f73f3d0dd41 0x33a930d9d184bfc42929d4b7a734b673bcac3ce0 0x049a12272e54744c3261a041643f99e40f16f9ef 0xf8389f241d0240b31c7543ca654c65238830dc2c

Reasoning

All these safes are created by 0x09c8c3e9cfad76087aa43048cd5385a75f6070dc, which is a EOA address, from 220419 to 220711. All of the safes exec less than 5 txs, which is very similar single deposit and withdraw. It looks like that it is a very patient and ambitious airdrop hunter.

Methodology

1.Aggregate rewarded safes according to how many $safes they will recieve. 2.Check their creator, find all creators who created more than 10 safes. 3.Check if the creator is EOA. 4.Check if the safes created are zombies and if they have similar txs.

code: https://github.com/sixbrand/safe-sybil-hunt/tree/main

safes info:

safe-addr | tx_count | balance(eth) | create_date -- | -- | -- | -- 0x659d1bf186cbf39a58a557223a3b9276c813be3f | 3 | 0.01 | 220426 0xafae46de8751a4b24d20e6a7b6f6a085350c8a0e | 2 | 0.01 | 220421 0xb43a4105386cd15a7c8fad7d4d62d5187ab85042 | 2 | 0 | 220419 0x3e6910c36939d43ebd8f5283ea2f09c2df00075b | 2 | 0.0194 | 220420 0x2d1de4286bd8c78c882a1c2947632fbcc90e55b2 | 2 | 0.0349 | 220502 0x5c8b77fde512d78097f5ec10db4c20e7d1366225 | 2 | 0 | 220426 0xdba9f9cfc5d6547478518009c18f898ca174c9f6 | 2 | 0 | 220516 0xe738628737657ddefb4aef226e6190e90ed564b6 | 3 | 0 | 220518 0xc47b968c391347a3c614e4210e8d1f73f3d0dd41 | 2 | 0 | 220503 0x33a930d9d184bfc42929d4b7a734b673bcac3ce0 | 3 | 0.002 | 220426 0x049a12272e54744c3261a041643f99e40f16f9ef | 4 | 0.12 | 220711 0xf8389f241d0240b31c7543ca654c65238830dc2c | 3 | 0 | 220503

Safe Address

0xb7D82c1505bCe2FdD5B5F09Ad0fa43d4040Ca300

tschubotz commented 2 years ago

Other than the connection to the creator, the pattern isn't super strong here. Hence we can't be sure to not eliminate legitimate behavior.