search

safe-global / safe-user-allocation-reports

The proposed list of SAFE user allocations has been published on the Safe forum.
Creative Commons Zero v1.0 Universal
34 stars 10 forks source link

Sybil Attacker Report #423

Closed hushgif closed 2 years ago

hushgif commented 2 years ago

Related Safe Addresses

0x27939086a4ae96ddfd1aac4ddc88e4d7a3b0bb40 0x76d8fa73e918d683ffe43a4e1417984fc67c4968 0x9dded1fea6e8639ede34640e5d448111795de728 0xbb25a87242c8d85a69282f892a6440e4f50ef429 0x1ee65b442724166ce10197d31b6e93aed522738d 0x33f68e18a69bea724bffce5a3382f39627a5d41e 0x4599f7746851c8c97f9180ab9038f2c12bd0b9fb 0x736a9dbd8f712ffaef391c2bc959075c9361554a 0x8648897bb91d498a0b433724684f4cd0e7c1c907 0xae9844f89d98c150f5e61bfc676d68b492155990 0x25ee9effb20565a6855cb6efac5ead5028bae36b 0x3c4b7d8d64bb190b94e843408195abc946b02877 0x8a1855ccb536af12b2fc4096066279750d9295a4 0xab9ec61f13652fbe3988178dcbc405709343f336 0xc964f14106da17b49bb3f42722e96392ba5aaecc 0xce83a54534368e3d02237a960aed7a575219ba45

Reasoning

These 18 addresses get exactly the same SAFE tokens, all of them are 639.118438635135 And they are created by the same contract address: 0x8f6Ce1D7D9f01193e5E077Ac5e2c76A6Ec6FbF0C The amount of money transferred after creation and the time are the same: (Aug-03-2020 12:24:38 PM +UTC, the value is: 0 And there is only one transaction record, you can check the following link for details

Methodology

First find the token-related addresses through the airdrop form, then check the correlation of these multi-signature wallets through etherscan and find that they are all from the same contract address:

https://etherscan.io/address/0x27939086a4ae96ddfd1aac4ddc88e4d7a3b0bb40#internaltx https://etherscan.io/address/0x76d8fa73e918d683ffe43a4e1417984fc67c4968#internaltx https://etherscan.io/address/0x9dded1fea6e8639ede34640e5d448111795de728#internaltx https://etherscan.io/address/0xbb25a87242c8d85a69282f892a6440e4f50ef429#internaltx https://etherscan.io/address/0x1ee65b442724166ce10197d31b6e93aed522738d#internaltx https://etherscan.io/address/0x33f68e18a69bea724bffce5a3382f39627a5d41e#internaltx https://etherscan.io/address/0x4599f7746851c8c97f9180ab9038f2c12bd0b9fb#internaltx https://etherscan.io/address/0x736a9dbd8f712ffaef391c2bc959075c9361554a#internaltx https://etherscan.io/address/0x8648897bb91d498a0b433724684f4cd0e7c1c907#internaltx https://etherscan.io/address/0xae9844f89d98c150f5e61bfc676d68b492155990#internaltx https://etherscan.io/address/0x25ee9effb20565a6855cb6efac5ead5028bae36b#internaltx https://etherscan.io/address/0x3c4b7d8d64bb190b94e843408195abc946b02877#internaltx https://etherscan.io/address/0x8a1855ccb536af12b2fc4096066279750d9295a4#internaltx https://etherscan.io/address/0xab9ec61f13652fbe3988178dcbc405709343f336#internaltx https://etherscan.io/address/0xc964f14106da17b49bb3f42722e96392ba5aaecc#internaltx https://etherscan.io/address/0xce83a54534368e3d02237a960aed7a575219ba45#internaltx

Safe Address

0xa3179e715A97c5aD6F0CeB76464A263A75c132F3

tschubotz commented 2 years ago

Thanks for the report. While those Safes look super similar, they are related to Gnosis Protocl v1 (Mesa) and are legit use. cf. https://dune.com/queries/1034933 for a full list of Safes used for this.