Closed 0xKARTOD closed 2 years ago
PulsarNetwork
commented
2 years ago "If the original address has more than 1 Safe address, it gets -30 points" rule is a big mistake
It goes against the principles of sybil hunting:
Methodology that has a non-negligible chance of eliminating legitimate users will not be considered. When in doubt, we opt for “this is legit usage”.
https://forum.gnosis-safe.io/t/community-challenge-identify-airdrop-farmers/847
0xKARTOD
commented
2 years ago "If the original address has more than 1 Safe address, it gets -30 points" rule is a big mistake
It goes against the principles of sybil hunting:
Methodology that has a non-negligible chance of eliminating legitimate users will not be considered. When in doubt, we opt for “this is legit usage”.
https://forum.gnosis-safe.io/t/community-challenge-identify-airdrop-farmers/847
No rush sir. I'm working on that
PulsarNetwork
commented
2 years ago Regarding newly added criteria:
For example, if the same user creates two addresses 1 hour apart, is that suspicious? I think so. And what if it happens on one day, for example? - That's not so bad. If the minimum difference is less than 1 hour - remove 20 points If 3 hours - 10 points If the average is less than 5 hours and there is only one Safe address, another penalty of 5 points
This assumption is arbitrary and unnecessary. I think it's against the principles of this airdrop as the reworked airdrop rules by @tschubotz indicates:
Minimum value stored in Safes: No minimum value required now (was 1 ETH before) In the original proposal, Safes that stored 1 ETH over time were included. This restriction was removed since it again sets an arbitrary restriction. Instead, the number of tokens allocated will just consider the value stored over time, relatively.
https://forum.gnosis-safe.io/t/new-proposal-reworked-safe-distribution-for-users/594
It's preferred that no arbitrary restriction is set, otherwise some legit use cases are likely to get excluded or discredited.
0xKARTOD
commented
2 years ago Regarding newly added criteria:
For example, if the same user creates two addresses 1 hour apart, is that suspicious? I think so. And what if it happens on one day, for example? - That's not so bad. If the minimum difference is less than 1 hour - remove 20 points If 3 hours - 10 points If the average is less than 5 hours and there is only one Safe address, another penalty of 5 points
This assumption is arbitrary and unnecessary. I think it's against the principles of this airdrop as the reworked airdrop rules by @tschubotz indicates:
Minimum value stored in Safes: No minimum value required now (was 1 ETH before) In the original proposal, Safes that stored 1 ETH over time were included. This restriction was removed since it again sets an arbitrary restriction. Instead, the number of tokens allocated will just consider the value stored over time, relatively.
https://forum.gnosis-safe.io/t/new-proposal-reworked-safe-distribution-for-users/594
It's preferred that no arbitrary restriction is set, otherwise some legit use cases are likely to get excluded or discredited.
I think this might hint to us that this original address created a) multiple addresses and b) over a short period of time. But again - this does not directly indicate that the address is a farmer. If, for example, this address is active or has only 2 Related Safe Addresses
PulsarNetwork
commented
2 years ago 我是创建了两个安全地址,第一个我觉得它尾数不好我又创建了一个,到目前为止我只用一个进行多签安全存款,难道这也有错?
someone said:
"I did create 2 Safe addresses. I don't like the ending digits of the first one so I created another. Up till now I only used one of these Safes for transactions. How is it bad?"
and I have some hypothesized use cases for creating multiple Safes within a short time frame.
(1) a fund manager creates Safes for multiple clients
(2) a DAO sets up multiple wallets. One for community funds, another for receiving investor payments, another for salaries, etc.
Please consider these valid use cases.
0xKARTOD
commented
2 years ago 我是创建了两个安全地址,第一个我觉得它尾数不好我又创建了一个,到目前为止我只用一个进行多签安全存款,难道这也有错?
someone said:
"I did create 2 Safe addresses. I don't like the ending digits of the first one so I created another. Up till now I only used one of these Safes for transactions. How is it bad?"
and I have some hypothesized use cases for creating multiple Safes within a short time frame.
(1) a fund manager creates Safes for multiple clients
(2) a DAO sets up multiple wallets. One for community funds, another for receiving investor payments, another for salaries, etc.
Please consider these valid use cases.
Yeh, I see what u mean. Just because you have two addresses does not automatically include you as a farmer. All you get is a 5-point penalty, which is no big deal. As for DAO or manager - if these addresses were later active and made more than 3 transactions, there is also nothing wrong.
But with time, yes, I agree, there are several addresses that have 100 or more Safe addresses. Two of them we found are Tokemak and Staker. But as for the others, we have to do it manually and look for who owns these addresses.
PulsarNetwork
commented
2 years ago Thank you for your consideration. The point system can actually act as effective pre-filtering rules that help us identify suspicious wallets.
0xKARTOD
commented
2 years ago Thank you for your consideration. The point system can actually act as effective pre-filtering rules that help us identify suspicious wallets.
Yep, that make sense. Thanks for the feedback
Sean20216
commented
2 years ago @0xKARTOD I am aslo feel weird about Gnosis team did, even though they knew that it would result in a lot of invalid addresses and farmers get airdrop, they also decided to change the minimum number of txs made count from 3 to 1 and no minimum value required. What happened after this new proposal passed? farmers make money, hunters make money, real users get taxed. I feel ironic about the team decided to lower the airdrop threshold without being able to exculde ineligible addresses.The minimum number of airdrop tokens that were dropped from 400 to 100, and the remaining 300 were given to farmers and hunters. The team did not benefit anyone by lowering the airdrop threshold, they just approved report so you may be labeled as a sybil attacker even if you only use third-party dapps and not use it send transaction yet.
Sean20216
commented
2 years ago Is it possible to compensate for lowering the airdrop threshold by labeling ineligible addresses as sybil attackers?
0xKARTOD
commented
2 years ago Is it possible to compensate for lowering the airdrop threshold by labeling ineligible addresses as sybil attackers?
Do u mean addresses that have less that 5 or 3 or 2 transactions?
Sean20216
commented
2 years ago @0xKARTOD yep, you will see a large amount Sybil attackers which just the addresses have less 3 transactions finally.These addresses Gnosis team should filter and exclude them by themselves, they are not Sybil attackers, but these addresses will be seen as attackers on other projects after this challenge done.
0xKARTOD
commented
2 years ago @0xKARTOD yep, you will see a large amount Sybil attackers which just the addresses have less 3 transactions finally. And these addresses Gnosis team should filter them by themselves, they are not Sybil attackers, but these addresses will be seen as attackers on other projects after this challenge done.
Of course, right now I'm trying to load all the Dune requests. This time I'm trying to focus on user activity - the biggest penalty is the lack of transactions - 50 points
skyonedot
commented
2 years ago Listen, in the statistical community, we have different measures for outcomes, such as AUC, ROC ... In Safe Sbliy Attack Detection, you need to consider the confusion matrix, which is the probability of misclassifying a good guy as a bad guy and the probability of misclassifying a bad guy as a good guy.
I'm 100% sure that the address you've determined here must be wrong, You need to be more granular about the same type of address, you know?
ww941019
commented
2 years ago 你的意思是只有6500个真实用户?多么愚蠢的提议杀死了大多数真正的用户
6500个是哪来的数据?
stringStar
commented
2 years ago That's stupid, if you want to catch a witch. Please show us the evidence of witches, which is not to exclude small capital users. If I only use your application once and become a witch, will I continue to use your application in the future? If you need to exclude users with small funds, you can directly let the official rules limit the number of uses. If you want to give a score. Please go to debank
stringStar
commented
2 years ago This score proposal cannot be used to screen witch accounts. Your score only indicates whether he is a high-quality user, not whether he is an Airdrop Farmer. Airdrop Farmers has only one standard to prove whether the account is related. Don't persecute normal users here
PulsarNetwork
commented
2 years ago This score proposal cannot be used to screen witch accounts. Your score only indicates whether he is a high-quality user, not whether he is an Airdrop Farmer. Airdrop Farmers has only one standard to prove whether the account is related. Don't persecute normal users here
@stringStar don't worry. It's only for screening, not final decisions
stringStar
commented
2 years ago Also, your score evaluation looks ridiculous. All the reference indicators are imaginary, and there is no large amount of data reference. I haven't used safe. I saw this proposal on Twitter
PulsarNetwork
commented
2 years ago I still can't agree with identifying the current list of 500 addresses as sybils in https://dune.com/queries/1268823/2173773, even though I think many of them are suspicious.
According to sybil hunting principles:
Methodology that has a non-negligible chance of eliminating legitimate users will not be considered. When in doubt, we opt for “this is legit usage”
https://forum.gnosis-safe.io/t/community-challenge-identify-airdrop-farmers/847
Procedure justice means that once the rules are set, we should follow the rules. This ensures fairness and integrity of this sybil hunting community challenge.
Wsyglsr
commented
2 years ago I hate air investment hunters, but your rules really hurt ordinary users and new users.Can't a address be created 2 safe?You should give him a quota and normal users to avoid very expensive gasoline fees.
hjg888
commented
2 years ago Real and fake users can send an nft to https://galxe.com/ and require verification of Twitter, discord, and email address to receive nft. The created address of nft will be airdropped, and the addresses that cannot be received will not be given. That's it.
Related Safe Addresses
List of addresses that have yellow 🟡 and green 🟢 score: See all info at Methodology part
green_and_yellow_addresses_reworked.csv https://dune.com/queries/1277996
List of addresses that have red 🔴 score:
red_addresses_reworked.csv https://dune.com/queries/1268823/2173773 ~ 500 addresses
All addresses list:
score_results_reworked.csv https://dune.com/queries/1262047/2162924
Reasoning
In this report we tried to analyze the addresses of airdrop farmers. All the data was obtained using the Dune Analytics database.
A ranking system was built for airdrop addresses based on the following parameters:
Of course, satisfying one of these points is not proof that the address is a farmer. For example I could create a Safe address in 2021, but have only 3-4 transactions during GIP-29. Therefore, a model for evaluating such wallets on a 100-point system was proposed.
Methodology
First of all, let us mention three important references to Dune query:
Using the query [2], let's look at the number of Safe addresses created by one wallet and build the distribution. In a recent tweet I already mentioned wallet 0x5769770f5efe8fb017fb09b6de3b2d096668377d - this address created 5900 Safe addresses in the period from early 2022 to August 18, 2022 (hereinafter - event period).
It turned out that during the period of this event:
Next, using the query [3], let's look at the activity considering all the official master copies (singlet) in the Ethereum main network:
Namely, the following parameters - the number of transactions during this period, fees spent on transactions and the relative fees ( Fees / number of transactions ). Gas spend on txs is a good indicator on how valuable a txs was for the executor at the time of the tx .
Thus, the following important data were obtained:
But now how do we determine what is the optimal number of transactions to determine the airdrop farmer? Is the creation of a Safe Address proof that it is a farmer? We need to come up with a system or methodology to measure activity, amount of gas spent, address creation in 2022, etc.
Let's make the following grading system, where the maximum is 100 points:
Why 1450 txs and 1.18 fees?
Let's first look at the number of transactions for each wallet.
We see that the maximum number of transactions is 2256, but further we see a big gap between the first and second address, between the second and third, that is up to values ~900 transactions distribution has dedicated steps, which is best to smooth. So the best we can do is to take the average of the first five addresses and get 1450. Similar steps are done for gas.
Changes:
Lots of feedback has been received directly on the forum, that is why we have changed the criteria and methodology for calculating the score.
Tx fees
First of all, we excluded gas from consideration in this methodology. First, because the price of gas varies depending on the period you want to consider. And secondly, not a few users simply save and wait for the right time when the price of gas is lowest, and only then make a transaction.
Related Safe Addresses
Let's go a little deeper into the Related Safe Addresses system and say that if, for example, the original wallet has two addresses, he gets a penalty of 5 points (30 before).
If the purse has three Safe addresses - penalty of 15 points If more than or equal to 5, then a penalty of 30 points And the highest penalty, if more than 100 Safe addresses - 45 points
Also, we took into account the two addresses: '0x9e0bce7ec474b481492610eb9dd5d69eb03718d5' - Tokemak address 0x5769770f5efe8fb017fb09b6de3b2d096668377d' - Staker App address We treat them and the related addresses as separate addresses
Transactions Added regular transactions such as "Transfer", not only official master copies. Instead of calculating something by formula, taking averages, and so on, let's just say the following:
We also add a couple of points for addresses that have more than 50 transactions
Difference in the time of Safe address creation
A new parameter to consider is the time difference in creating addresses (with the exception of Tokemak and Staker App). For example, if the same user creates two addresses 1 hour apart, is that suspicious? I think so. And what if it happens on one day, for example? - That's not so bad. So again we introduce a penalty system and calculate the minimum and average interval between the addresses for each original address. The query below will help us with this.
https://dune.com/queries/1261299
If the minimum difference is less than 1 hour - remove 25 points If 3 hours - 15 points
If the average is less than 5 hours and there is only one Safe address, another penalty of 5 points
Score calculation
Given that the maximum penalty will be 100 (if the address has more than 100 Safe addresses, has less than 1 transaction in the GIP-29 period, if there are additional Safe addresses and they were created less than 1 hour apart) the Score is now calculated as:
Safe Address
0x1B491d59846cb605A24a4690Df631946E52a2D0e