safe-global / safe-user-allocation-reports

The proposed list of SAFE user allocations has been published on the Safe forum.
Creative Commons Zero v1.0 Universal

Sybil Attacker Report with Algorithm and Source Code Provided #505

Closed FarmerRoyal closed 2 years ago

FarmerRoyal commented 2 years ago

Related Safe Addresses

Batch 1

Batch 2

Batch 3

Batch 4

Batch 5
0x70496a025eeaeb3f13c8153ed6408e0ba54163fb
0x6b49e6c79e604ea46e1dc8a936bfad4eb97d59e3
0x7abbd44f9b7872fd6db3d54945e94021178477e3

Reasoning

Batch 1

  1. All these Safes are created and owned by a single EOA address 0x6C642caFCbd9d8383250bb25F67aE409147f78b2,
  2. All the Safes have no direct interactions,
  3. All the Safes are created with the same pattern. The EOA address 0x6c64 creates, transfers in, and transfers out the token to the same destination ("DXdao: Mesa", address 0x6F400810b62df8E13fded51bE75fF5393eaa841F) in the same transaction, and there are multiple identical transactions sent by the EOA address that created the above-mentioned address set,
  4. Tokens transferred in and out of the Safes are extremely small in size; the transaction volume cannot even cover the transaction fee.

Batch 2

  1. All these Safes are created by the same EOA address 0x28829CdB803C41Cb8a7858455b4FFC70b5DfacF4 at the same time,
  2. All these Safes share the same set of owners (0x28829CdB803C41Cb8a7858455b4FFC70b5DfacF4 and 0x339ae9545E7e1470f1dac54EeD56AFb6E1377d2F),
  3. All the Safes have only 1 direct interaction, which is to transfer the funds from the Safe to another Safe within this batch,
  4. The interactions with these Safes happened immediately after the creation, and there were no more interactions after that,
  5. All the transactions are limited to small volume (<$5 in USDC), and the current balances of the Safes are small (<$3 in USDC).

Batch 3

  1. All these Safes are created by the same EOA address 0x2BB655A15c96776B5A8Fa75EFD22B2c030098FfF,
  2. All these Safes share the same set of owners (0x2BB655A15c96776B5A8Fa75EFD22B2c030098FfF and 0x7bf173bF2132441eF5e0Fd6314746EaF889a62fC),
  3. All the Safes have only 1 small-amount ETH transfer in, and up to 3 withdrawal transactions to other addresses that are connected with each other (have direct transactions in between).

Batch 4

  1. All these Safes are created and owned by the same EOA address 0x3A11F4c84688a1264690d696D8D807a25Ee02dd2,
  2. All the Safes have no direct interactions,
  3. All the Safes are created with the same pattern. The EOA address 0x3A11 creates, transfers in, and transfers out the token to the same destination ("DXdao: Mesa", address 0x6F400810b62df8E13fded51bE75fF5393eaa841F) in the same transaction, and there are multiple identical transactions sent by the EOA address that created the above-mentioned address set.

Batch 5

  1. All these Safes are created by the same EOA address 0x10015BB2bFE9A5456d7B72b5A07FF15E854866a3 at the same time,
  2. All these Safes have only 1 direct interaction, which is to transfer the funds from the Safe to another Safe within this batch,
  3. All the transactions are limited to small volume (<$5 in USDC), and the current balances of the Safes are small (<$3 in USDC), except for one Safe that has a balance from a Kucoin withdrawal.

Methodology

  1. Create an undirected graph of SAFEs.
    1. Each node represents a SAFE address.
    2. An edge between any two nodes (i.e., SAFEs) addr1 and addr2 exists if all of the following conditions are satisfied:
      1. addr1 and addr2 have the same set of owners;
      2. addr1 and addr2 have the same creator;
      3. Some past transfer behaviors were spotted between any one of the three pairs: 1) addr1 <—> addr2; 2) addr1 <—> creator/owners of addr2; 3) creator/owners of addr1 <—> addr2. Specifically, the transfer behaviors need to satisfy the following two conditions.
        1. We only consider transfers of tokens in {ETH, USDC, USDT, DAI, WBTC, WETH, SHIB, HEX}. Other ERC20 tokens are ignored so as to avoid mistakenly including those SAFEs that are used for token vesting.
        2. The number of token-transfer transactions is less than or equal to 3.
  2. For each connected component of the undirected graph constructed above, we consider all its nodes (i.e., SAFEs) as a batch of addresses controlled by an airdrop farmer.
  3. Further, we manually review and analyze all the addresses in each connected component as presented in Section Reasoning.

All the codes could be viewed in the GitHub Repo FarmerRoyal/GnosisSafeFarmerFilter.

Safe Address

0xd4055E2065c38dd09a187E64d1Bc91051B1515FE
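As an added illustration of the Methodology above (not the reporter's GnosisSafeFarmerFilter code), the graph construction and connected-component step in Python over constructed sample data. The placeholder addresses, the counterparty sets, and the reading of "less than or equal to 3" as "between 1 and 3 qualifying transfers per Safe pair" are assumptions.

```python
from collections import defaultdict

# Constructed sample data, placeholder addresses: Safe -> (creator EOA, frozenset of owners).
SAFES = {
    "0xS1": ("0xC1", frozenset({"0xC1", "0xO1"})),
    "0xS2": ("0xC1", frozenset({"0xC1", "0xO1"})),
    "0xS3": ("0xC1", frozenset({"0xC1", "0xO1"})),
    "0xS4": ("0xC2", frozenset({"0xC2"})),          # different creator and owners: never linked
    "0xS5": ("0xC1", frozenset({"0xC1", "0xO1"})),  # same creator/owners, but too many transfers
}
ALLOWED_TOKENS = {"ETH", "USDC", "USDT", "DAI", "WBTC", "WETH", "SHIB", "HEX"}
TRANSFERS = [                      # constructed transfers as (from, to, token)
    ("0xS1", "0xS2", "USDC"),      # Safe <-> Safe
    ("0xC1", "0xS3", "ETH"),       # creator/owner of the other Safes -> S3
    ("0xS2", "0xS5", "VEST"),      # non-allowlisted token: ignored (vesting-style noise)
] + [("0xS3", "0xS5", "DAI")] * 4  # with the ETH transfer above, S3<->S5 exceeds the limit of 3

def parties(safes, safe):
    """The Safe itself plus its creator and owners (the counterparties condition 3 looks at)."""
    creator, owners = safes[safe]
    return {safe, creator, *owners}
def qualifying_transfers(safes, a, b, transfers):
    """Count allowlisted-token transfers a<->parties(b) or parties(a)<->b, either direction."""
    pa, pb = parties(safes, a), parties(safes, b)
    return sum(1 for src, dst, tok in transfers if tok in ALLOWED_TOKENS and (
        (src == a and dst in pb) or (dst == a and src in pb) or
        (src == b and dst in pa) or (dst == b and src in pa)))
def linked(safes, a, b, transfers):
    """Edge rule: same owners, same creator, 1..3 qualifying transfers (assumed reading of 'at most 3')."""
    (ca, oa), (cb, ob) = safes[a], safes[b]
    return ca == cb and oa == ob and 1 <= qualifying_transfers(safes, a, b, transfers) <= 3
def farmer_batches(safes, transfers):
    """Each connected component with more than one Safe is reported as one farmer's batch."""
    nodes, adj = sorted(safes), defaultdict(set)
    for i, a in enumerate(nodes):
        for b in nodes[i + 1:]:
            if linked(safes, a, b, transfers):
                adj[a].add(b); adj[b].add(a)
    seen, batches = set(), []
    for start in nodes:
        if start in seen: continue
        comp, stack = {start}, [start]  # iterative DFS collects the component
        while stack:
            for nxt in adj[stack.pop()] - comp:
                comp.add(nxt); stack.append(nxt)
        seen |= comp
        if len(comp) > 1:
            batches.append(sorted(comp))
    return batches
```

On the sample data this yields one batch, S1/S2/S3; S4 is excluded by the creator/owner conditions and S5 by the transfer-count limit, which is exactly the vesting-noise filter the methodology describes.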

tschubotz commented 2 years ago

Batch 1 & 4: While looking super similar, they are actually Safes used in Gnosis Protocol v1 (Mesa) to place orders and create some kind of on-chain order book. So it's legitimate usage. Full list of Safes is here.

Batch 2, 3, 5: Thank you for the report. 8 of the Safes have been found by another report already, but we've identified the following addresses to be related to airdrop farming:

corbinpage commented 2 years ago

Sorry for missing this one @tschubotz. Batch 3 was created by Paymagic, and I flagged it in some other issues.

We'd like to be eligible for the Safe drop for our customer accounts.

Mind not excluding our Safes?

Hi 👋, these are Safes created as part of our startup, Paymagic.xyz. Not airdrop farming. 🙂

We create customizable Safes to help DAOs/consumers automate payments, and these are customer account Safes. We are a Safe Guardian, contribute code and bug reports to the Safe ecosystem, and build plugins for Safes via Zodiac. We'd like to get the airdrop to increase our skin-in-the-game and commitment to the Safe ecosystem and plan to be active participants in the DAO. 

Happy to discuss further if helpful.