safe-global / safe-user-allocation-reports

The proposed list of SAFE user allocations has been published on the Safe forum.
Creative Commons Zero v1.0 Universal

Sybil Attacker Report: 187 safes created by 0x29709b7d78d49d7a51be2ee091fba3b80f1c5d68 #387

Closed sixbrand closed 2 years ago

sixbrand commented 2 years ago

Related Safe Addresses


Reasoning

1. All these safes are created by 0x29709b7d78d49d7a51be2ee091fba3b80f1c5d68, which is an EOA address.
2. All of the safes exec less than 10 txs in a very similar pattern, which contains one ENS setResolver tx and some token in and out, finally leaving a very small amount of ETH in the safes.

For all the 187 safes, some simple stats are as below:
average txs times = 3.47
average ETH balance left in wallet = 0.0189 ETH

See detail here: https://github.com/sixbrand/safe-sybil-hunt/blob/main/0x29709b7d78d49d7a51be2ee091fba3b80f1c5d68_features.csv

3. 56/187 safes only have txs on the exact setup day, and then were never used again. And yes, the txs are barely only deposit and ENS setResolver. Remember? These safes are created by one exact address, and only used for 1 day to set an ENS resolver. That doesn't make any sense, 100% airdrop huntooooor. This could also be evidence which explains why the other safes are also airdrop safes (131/187), because an airdrop hunter created them.

Some simple stats of the 56 safes:
average txs times = 2.696
average ETH balance left in wallet = 0.0214 ETH

4. What's more, truly there ARE other safes which have some txs months later (131/187), but the airdrop hunter simply made some token in and out through those safes. According to all of the above, this cluster of safes is definitely created by a well-played airdrop hunter work.

| addr | balance/ETH | tx_date | tx_num |
| -- | -- | -- | -- |
| 0xe669c7876b37d58807634f74209496bb76dd22d5 | 0.000271 | 2020-02-09 | 2 |
| 0x836e172dd72c260673beb52f2291a48679a08547 | 0.019235 | 2020-07-10 | 2 |
| 0x91d9823afed25b293a50a271e097e62c85739dc7 | 0.014117 | 2020-05-28 | 2 |
| 0x44a2e802199262ea9ce83b2652cd5a7e76f42e43 | 0.020126 | 2020-06-29 | 8 |
| 0x77a9b9396d8f83bc58745ee49a8c4ccb0384dcf1 | 0.004477 | 2020-02-10 | 2 |
| 0xdfffb256fbf2fbd9a132f5bf94d98e4eb8da836d | 0.001307 | 2020-01-27 | 5 |
| 0x751494d22900b0c4a54203ff01992f83e6c29b93 | 0.005283 | 2020-10-02 | 4 |
| 0x1629705424929b77a8a181e5b6018cffb4758e15 | 0.012257 | 2020-04-22 | 3 |
| 0xd961f80da86c725b961853cbcd90ae263904e11a | 0.004154 | 2020-05-14 | 4 |
| 0x8d5f89b3c0c56545303dc990794198a1f6a6bf0e | 0.002667 | 2020-04-18 | 5 |
| 0xafa2193ba85f751b2fa6ff146c1746bd3f1527fe | 0.075264 | 2020-05-19 | 2 |
| 0x6eb8f2c3745c95ada681fd182e0f69264c866bed | 0.000533 | 2020-05-06 | 2 |
| 0xf3841e80bd4a086231bb14bea90ad35eebe57bfe | 0.000808 | 2020-03-26 | 3 |
| 0x0a3f96a462207882667c27e570ca31ed36107b87 | 0.000807 | 2020-03-29 | 2 |
| 0x1449154a6d909e5b1778036a696e9c98da66084d | 0.000271 | 2020-02-08 | 2 |
| 0xcefb380aa5205e2fa192c224fea859ba59bfa1cc | 0.011287 | 2020-04-28 | 3 |
| 0xff211b74a22a4d9e4a731b63c798a5f99dd56158 | 0.001801 | 2020-02-18 | 2 |
| 0x4ae36e99951a86c016dc76d83baf083f96af1d4e | 0.011371 | 2020-07-27 | 2 |
| 0xbba24c38d0a35f026cbe7be784008b25212b132b | 0.026000 | 2020-06-04 | 2 |
| 0x90eb8f0b4e3ab7cc5a7126e54a83cdaaf61c97ab | 0.003996 | 2020-02-10 | 2 |
| 0xb616536775a03a1899d3e4cb1d43cdef98bbc51d | 0.000940 | 2020-03-15 | 2 |
| 0xea254c1cde81c63f9e343abc445acc39a72ad871 | 0.001251 | 2020-03-06 | 2 |
| 0x7e4cd6b7039010de703ae742160fb481fb57ba97 | 0.009011 | 2020-02-24 | 2 |
| 0x0aa90f757c45194441a5b90a0ec7825bd30014a1 | 0.000291 | 2020-02-05 | 2 |
| 0x8cfa1e626f895b66a97dfb7b7165fb0196be4464 | 0.000000 | 2020-06-18 | 2 |
| 0x7e4e20792292b8d9847d2785ffd7b3d92d7248b2 | 0.004577 | 2020-04-27 | 2 |
| 0x181bcfbc5149bd975bcaea911baaac5a6f9031ea | 0.014341 | 2020-02-27 | 2 |
| 0x157ce8ddd9548f67c1f6bd16c62c8a4370fd0df7 | 0.001533 | 2020-05-02 | 2 |
| 0x22d2acb788edbc8141d175dd72a4715dbe7d23a0 | 0.008212 | 2020-03-02 | 2 |
| 0xe1ef9f3b69764916999601fc137e8bf3c3219fdd | 0.019365 | 2020-07-01 | 4 |
| 0xd118f7b486e460668fabbc1281ad3acd3c06c10d | 0.007706 | 2020-05-29 | 3 |
| 0x29e98223a07df173ab0f540025c453b2c4f6833f | 0.001305 | 2020-04-20 | 2 |
| 0xeda916880215b1ac9c098b1e607400b603680e54 | 0.003351 | 2020-05-08 | 3 |
| 0xd10d6959ce547848740b4b5691896a25d95616c4 | 0.050249 | 2020-04-30 | 3 |
| 0x451cc7d22b1b52731cce569b46407166469020aa | 0.018404 | 2020-03-20 | 2 |
| 0x752a988aeafa46a2e968789112e265a0b52a9f0d | 0.019498 | 2020-05-28 | 4 |
| 0x4d736ba35a602891af476e7dba877f144ecfc1be | 0.009050 | 2020-01-23 | 2 |
| 0xd2bf3056980e0bbabc4bb6e408c8d8cf4553998c | 0.001453 | 2020-02-20 | 2 |
| 0x0777c58c6072061c45516574ddf9ba17989b359d | 0.089924 | 2020-03-15 | 6 |
| 0x9d5338d9d068c8b1173642b50af88ae72a6eda52 | 0.025554 | 2020-04-17 | 2 |
| 0x2032883170f010d5699a5288ae6aafffa50da156 | 0.001093 | 2020-03-30 | 2 |
| 0xff6d1a9c8c7b118a8264e2dedc5d055e225e8767 | 0.011755 | 2020-04-21 | 2 |
| 0x946a1cb169ba5bb8410cc4286946683696869921 | 0.003404 | 2020-03-30 | 2 |
| 0xe5212f4765aa56f20c1cf9980b8ee43fda6047d6 | 0.073816 | 2020-03-30 | 2 |
| 0xcbcc763bde48f8b4cffb3970978f11f6d3f18143 | 0.020140 | 2020-06-01 | 2 |
| 0x18f3ebbd2d36b7fda37d19dee42bac0b65f07749 | 0.000564 | 2020-02-07 | 3 |
| 0xbea31b062920d31d884447fcbb8ecb9dd853d9d7 | 0.001532 | 2020-03-17 | 2 |
| 0xd35abc2ddf9cf8beb21461252e5c81aff199b2b1 | 0.014015 | 2020-06-06 | 3 |
| 0xd7832a785c040b278117009c289a172754287ffb | 0.000293 | 2020-01-27 | 5 |
| 0x3e3ef6ffd5f80d18807b0312b79ccce555784a17 | 0.003061 | 2020-06-03 | 3 |
| 0x869309ac80d1b1caf4e1f3500b8218cfa4445cb0 | 0.500000 | 2020-08-25 | 2 |
| 0xa5c9ada209a84aacc61fd1ad03215bc377c39aa5 | 0.024240 | 2020-06-04 | 3 |
| 0xe8e6fdbb04c0d52204fe49536d1ddbdc90b55193 | 0.023491 | 2020-06-01 | 2 |
| 0xa65deb9cb4666f32f36c30966302d72cf0e71350 | 0.000730 | 2020-04-27 | 2 |
| 0xe9093c1314c893d4ee22374dd2e28b3474ac7f4c | 0.010706 | 2020-06-13 | 2 |
| 0x629ab299404c370b178cb4d819f64980be8043af | 0.005956 | 2020-04-16 | 4 |

code: https://github.com/sixbrand/safe-sybil-hunt/tree/main

Methodology

1. Aggregate rewarded safes according to how many $safes they will receive.
2. Check their creator, find all creators who created more than 10 safes.
3. Check if the creator is an EOA address.
4. Check if the safes have similar txs pattern.
5. Analyze more features like tx time, asset source...

Mainly done by Python: https://github.com/sixbrand/safe-witch-hunt/tree/main

Safe Address

0xb7D82c1505bCe2FdD5B5F09Ad0fa43d4040Ca300

tschubotz commented 2 years ago

The creator https://etherscan.io/address/0x29709b7d78d49d7a51be2ee091fba3b80f1c5d68 is a relayer actually. So that's not proof.

> All of the safes exec less than 10 txs in a very similar pattern, which contains one ENS setResolver tx and some token in and out, finally left very small amount of ETH in safes.

I checked the first 5 and they don't follow this pattern. Hence I'm unable to follow the reasoning.
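
The screening steps from the report's methodology, combined with the relayer objection raised in the reply, as an added example (not code from this thread or from the reporter's repository). The records, the creator labels and the 25% same-day threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta

def build_sample():
    """Constructed records: (safe, creator, creator_is_eoa, tx_dates)."""
    d0, rows = date(2020, 3, 1), []
    for i in range(12):  # one EOA, 12 safes, each used only on its setup day
        day = d0 + timedelta(days=i)
        rows.append((f"safe-a{i}", "creator-A", True, [day, day]))
    for i in range(15):  # relayer EOA deploying for unrelated, long-lived users
        days = [d0 + timedelta(days=30 * k) for k in range(3 + i % 5)]
        rows.append((f"safe-r{i}", "relayer-R", True, days))
    for i in range(2):   # ordinary user with two safes
        rows.append((f"safe-u{i}", "creator-U", True, [d0, d0 + timedelta(days=90)]))
    return rows

def cluster_features(rows):
    """Group safes by creator and compute per-cluster statistics."""
    clusters = defaultdict(list)
    for _safe, creator, is_eoa, tx_dates in rows:
        clusters[creator].append((is_eoa, tx_dates))
    out = {}
    for creator, members in clusters.items():
        n = len(members)
        out[creator] = {
            "safes": n,
            "eoa": all(eoa for eoa, _ in members),
            "avg_txs": sum(len(d) for _, d in members) / n,
            # share of safes whose every tx falls on a single day
            "same_day_share": sum(len(set(d)) == 1 for _, d in members) / n,
        }
    return out

def flag_creators(rows, min_safes=10, min_same_day_share=0.25,
                  known_relayers=frozenset()):
    """Steps 2-4 of the methodology plus a relayer exclusion (assumed thresholds)."""
    flagged = []
    for creator, f in cluster_features(rows).items():
        if f["safes"] <= min_safes or not f["eoa"]:
            continue  # steps 2-3: more than 10 safes, created by an EOA
        if creator in known_relayers:
            continue  # a relayer deploys for many owners; creator match proves nothing
        if f["same_day_share"] >= min_same_day_share:
            flagged.append(creator)  # step 4: similar usage pattern
    return sorted(flagged)

if __name__ == "__main__":
    rows = build_sample()
    print(flag_creators(rows, min_same_day_share=0.0))  # creator match only
    print(flag_creators(rows, known_relayers={"relayer-R"}))
```

With the behavioural check disabled, the creator match alone also flags the relayer's cluster, which is the false positive the reply points out.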