Closed Neverlander0 closed 2 years ago
tschubotz
commented
2 years ago @farmerxx
same comment from my end like in https://github.com/safe-global/safe-user-allocation-reports/issues/54#issuecomment-1250255164
There is a (quite high imo) non-zero chance this would remove legitimate usage.
lukasschor
commented
2 years ago We haven't received any further information on this ticket and therefore deemed this submission invalid.
Unfortunately just the pure fact that Safes...
... is not enough reasoning for a valid submission, as there are legit user behaviour leading to such as well (relayer, scripts, power users, exchanges)
This submission didn't provide sufficient indicators to convince the team that there is some targeted airdrop farming behind the provided addresses. As per the rules, when in doubt we will default in favor of the airdrop recipients in order to not risk any false positives when sorting out airdrop hunters.
Related Safe Addresses
0xec4e7362dc4e6697409726d6d4960b6a6b35c696 0xd851948f8260d78a2a2d68c824cf4669c58ad721 0xcdf7d48d8bb077d198d09308d1bf280c8346438f 0xba8d0b509d040b712837f282e5cb6d4a7a1455c2 0xb41387be32a9c796c1c37f8b46c1fa6e07353e90 0xa4d8fb3891a2afad98a78e964c223c2255b7ed10 0x988b58a6014c3deffb452ded90965ecbec0c3e70 0x94b6672eaa320fffddfb9f2c608f9da911d74045 0x93351236ff32d02d09e8c778b928361469a26a5e 0x6b8b32a809edeb6e01028fc9fe7873eea0276f6d 0x69c68828aaabb43ef5bc9a97ca9080d62e633ae1 0x15a079ba1c362cd81e0ac771203754d5c086d89f 0x14eaf1a316d2822c1ce3ae367cc47d353e908136 0x0c563016439ee2583e4a72284c136df98120c96b
Reasoning
1、These Safe address are all created by 0x0E68Cc646E2B9878d1472a218f0a505aa8f8555d 2、 Almost all of the transactions from this address is to create Safe address and execute Safe transactions and do nothing else. 3、Most Safe address only use one time or multiple transactions at the same time. 4、Let us analyse the owners of All Safe address!
There are 7 owners. owner 1: 0x0E68Cc646E2B9878d1472a218f0a505aa8f8555d Safe address creator.
owner 2: 0x81C789d11B5221Adf91Fe52ABaEF04A464f666B9 Safe address executor 1. Most of 36 Safe address were executed transcations by this wallet. Initial eth of owner 2 is from owner 1. https://etherscan.io/tx/0x121520d6780c57790870c50ec4235044cb41f380a7a824c00a62bfa4fc80c35b
owner 3: 0xc9d4314c46dbb5417e752754331278f70dbbb064 Safe address executor 2. Some Safe address were executed transactions by this wallet. Initial eth of owner 3 is from owner 1. https://etherscan.io/tx/0xc83d6df4add4a105b5b3c69003a7c60f78db92ca6693e8c1fc48b36db5072edc
owner 4: 0xcf9aD8309182bE3b83a461b9981A915d29542cB8 Nearly empty wallet,the only transaction is owner1 transferred 0.2eth to owner 4. Is if fun? https://etherscan.io/tx/0xf36e2dc55d71b204fe8d80a294e24938f99af70f12c456a09c64682c2564c623
owner 5: 0x004DB9806648244382b39beFC183f39D575061Ef Empty wallet,have no transaction.
owner 6: 0xea191ae1794ff92ee7fb02c71a6af4b912a2cff4 Empty wallet,have no transaction
owner 7: 0x946d66CDcC68CFe2D84c7Fd9C8B790c48C189d30 Empty wallet,have no transaction
All 36 Safe address are controlled by the same creator、executors and empty wallets.
Apart from empty wallets, all other wallets have direct transations with owner 1.
From all analysis above, we can conclude that all owner and Safe address are actually controlled by one person, i means, airdrop farmer.
Methodology
Download all the transactions of Safe wallet factory and find the address created many Safe wallets. Analyse all the transacitons and behavior of the Safe wallets and finally find the suspicious airdrop farmer address. After finding suspicious airdrop farmer address , find the evidence how they do sybil-attack.
Safe Address
My Safe Address 0x75c5d4B456b697C9CCa3DAAf4c4a2392b3E1Ddbb