[DRAFT PROPOSAL] Remove airdrop farmers (sybil attackers)

[DRAFT PROPOSAL] Remove airdrop farmers (sybil attackers)

Summary

  • On chain evidence shows chains of addresses that have farmed the Guru NFT, by using BSC or Polygon to make a swap (with tip) from hundreds of different addresses, and then later claiming the NFT on all the addresses as well.
  • Initial estimate of the scale of airdrop farming is more than 2,000 addresses, potentially 4,800 addresses. That would be almost half of the GURU airdrop. This is potentially catastrophic for the DAO as small number of people would have very large control on all future issues. Alternatively they may dump their farmed tokens leading to weeks of declining token price, unhappy community, and reputational damage to Dex Guru.
  • This proposal is to firstly raise awareness to this issue, and secondly to establish a committee to review on chain data and identify airdrop farmers.

Background

Several recent proposals have discussed eligibility criteria for the GURU token airdrop, namely Snapshot voting and possibly a minimum transaction filter. The transaction count filter is not ideal as it will exclude some real users and could still be gamed by the airdrop farmers.

On Chain Evidence of Airdrop Farming

To understand how many addresses might be eliminated by a transaction filter I created a Dune query: Dune

Out of the 12,432 addresses holding at least 1 Guru Season Pass NFT:

  • 248 addresses have ZERO transactions on Ethereum mainnet. This means that they did not even mint or buy the NFT, it was sent to that address, possibly as a sybil attack.
  • 3,234 addresses have ONE transaction. Many of these are legitimate users who trade on other chains and just funded their Ethereum address to mint the NFT.
  • 1,904 addresses have TWO transactions. This is unexpectedly large, given that real users should have a wide variation in their number of transactions.

By clicking through the addresses in my Dune query and examining them in Etherscan, every address I looked at with TWO transactions looked exactly the same: A chain of “ETH in, mint Guru NFT, ETH out”. These addresses are all linked together like one long chain where the ETH moves from one address to the next and each mints an NFT.

Example chain: https://etherscan.io/address/0x6c7823c4c30dafb46507bc516c1dc3fbc0288678

How did this farmer mint so many NFTs? I had a hunch that they “pre-farmed” the NFT by making the same chain on a low-fee blockchain, creating hundreds of addresses and making a small tip with each one.

Sure enough, here is the corresponding chain on BSC: https://bscscan.com/address/0x6C7823c4c30dAFb46507Bc516C1DC3fbC0288678

We can see that they swapped BNB for BUSD, then swapped back, moved the BNB to their next address, and repeated the process. They did this in August 2021 (I will say the farmer is very patient!).

I traced one of these chains back to the starting point: https://etherscan.io/address/0x8886fcc55c3c87c15b4637481b33837c72df980e

We see that ETH comes in from an exchange, then is sent out to 6 different addresses, each of those start off a chain of Guru NFT farming, then at the end all the leftover ETH comes back into this address, and then is sent to an exchange again.

This is just one example of an airdrop farmer but there could be others as well with different strategies.

To estimate how many chains like this exist, I first made a scatter plot of all the current NFT holders with the date of their first transaction (on Ethereum) and total number of transactions (on Ethereum). Most of the graph is a random pattern, which is what we would expect for real users. Each blue datapoint has 5% opacity, so the darker blue areas indicate many addresses with almost exactly the same characteristics, and therefore might be created by a farmer.

output1

Zooming in to the bottom right of the plot and reducing the brightness of the dots even further, we see a few “bands” of addresses all created within a 48 hour period (31 March - 01 April) with either ZERO or TWO transactions. This totals 4,776 addresses. :exploding_head:

output2

Looking at addresses with zero transactions, I found that some individuals had purchased a lot of NFTs from OpenSea and then split them into many addresses. This goes against the proposed airdrop criteria, which says that all users should get the same GURU airdrop regardless of how many NFTs they have.

Example: https://opensea.io/0xea0BBb63595593cfCBab11c54f904877e2a1B982?tab=activity

Can we use Snapshot voting to eliminate farmers?

Unfortunately, the answer is no.

I downloaded a list of all the addresses that voted in the last Snapshot proposal and checked some of the farmed addresses above, they were all on the list of Snapshot voters.

Clearly the airdrop farmers are very determined and they have spend a lot of time creating these addresses almost a year in advance, claiming the NFTs, and now voting on Snapshot with all their addresses as well. They are heavily incentivised to spend their time ensuring that they get this airdrop, possibly worth millions of dollars to them over thousands of addresses.

Given this, I would not be surprised if they are also active on Discord trying to convince people not to apply any filters to the airdrop, and will of course use their farmed NFTs to vote against this proposal.

Proposal

  • I encourage the community to start investigating the on chain evidence to identify airdrop farmers and post your findings in a reply.
  • Ultimately I don’t think we can tackle this problem with a transaction count or other criteria without risking excluding some real users in the process. We should do our best to create a list of farmer addresses and simply exclude them from the airdrop, after using whatever criteria is decided from the previous proposals (e.g. Snapshot voting).
  • We can create a committee to assemble this list. I can be involved but will need volunteers to help. I asked the Dex Guru team but they say that the DAO must decide everything relating to the airdrop.

UPDATE: Nick in Discord has confirmed that the DAO can engage the Dex Guru team to do the investigation if the DAO decides so. :partying_face:

Specifications

It is important to clarify that we want to keep all real users in the airdrop. Some people may even have multiple addresses (hot wallet, cold wallet, mobile wallet, etc.) and that is fine.

I believe we should only exclude clearly organised airdrop farming operations. An initial criteria might be if we find at least 5 or 10 addresses that appear to be controlled by the same person.

The blacklist can also be published on this forum and in Discord so that anyone can object if they are in there by mistake.

We can use the data I have already obtained, so that the farmers do not have chance to react and hide their activities before we investigate. If they do move their NFTs to other addresses it will then be easy to find.

UPDATE: Just to clarify, the lists below are ALL holders of the NFTs, not a list of farmers! There is no such list yet. Do not worry if you address is in the list, it is normal.
Here is a list of all NFT holders: Dex Guru NFT Holders 2022-04-24 · GitHub
This is from my Dune query linked above so anyone can verify it.

This is a list of Snapshot voters (taken from 3rd proposal): Snapshot voters on "[PROPOSAL] Sub-DAO mechanics" · GitHub
Again anyone can get this data with Graph QL (see Snapshot docs).

Pros

  • Eliminate unfair airdrop farming operations that may control or damage the DAO.
  • All real users will get more tokens.
  • Avoid an embarrassing situation and reputational damage.

Cons

  • Extra work to investigate

Poll

We can do a temperature check on Discord.

If anyone knows a way to get the Collab Land data, I can check how many farmers vote against us :rofl:

266 Likes

The research was comprehensive and thorough
May I ask what ways do you have to filter these farmers to match the decentralized atmosphere of this project?

25 Likes

I believe you could use the option wherein you see how long the wallet is active on a given blockchain i.e. if the wallet is doing transactions on other dapps including some good amount being spent… not just dust transactions, you could also see if the wallet was just used to trade on Dex guru few months back and after that no transaction look place from that wallet to the point of minting the NFT

18 Likes

This is excellent analysis. Unless someone comes up with valid explanations for the above behavior, I think the proposal has merit.

I would certainly support further investigation in to this. Maybe we do a temperature check on whether we want the team to investigate this further?

12 Likes

If a wallet has +50 transaction on all chains, that to me means the wallet had been in REAL use. But if the wallet had for example just 10 transaction in it’s lifetime (on all blockchains), it’s 99% because the wallet is only for airdrop hunting. So let’s define what a real wallet is based on it’s transaction on all chains and not only Ethereum. Because many daily users use Polygon, BSC and other chains regularly rather than Ethereum (High gas fees)

34 Likes

Yes in the example address I posted, the only activity was swapping 245 days ago (in hope of Dex Guru airdrop) and then now minting the NFT. Nothing in between.
I also found some addresses which appear to have been reused for other farms, such as depositing to zkSync, depositing to Arbitrum, depositing to Aztec, swapping on Matcha/0x and swapping on Dex Guru. All of these actions taken exactly once, and chained together with many addresses of the same behaviour.

1 Like

In general the farming addresses I have found do have low transaction counts, however:

  1. Using a rule of 50 txs will inevitably exclude some real users.
  2. Some of the farming addresses have been used to farm several different projects that may do an airdrop, which increases their transaction count as well.
  3. I have not had time to look into the data in full detail, especially not addresses with > 50 transactions. My post just shows the most obvious farmers that I quickly found.
10 Likes

Good work on the investigation, loved the data and i fully support the filtered version of tokenomics for the longterm benefits of all the other users and the projects.

The intended farming to get the airdrop should be stopped.

Thanks

5 Likes

what about new users of DEFI
most of us are new to crypto and DEFI and we may not have used our wallet too much
it’s totally insane and unfair

8 Likes

Awesome stuff digging through the data!

We could link wallet addresses with Discord IDs. In fact we have done that via collabland in dexguru’s discord server. Perhaps this might help in filtering sybil wallets?

4 Likes

Great job. We cannot allow organized airdrop farming whose only aim is to farm airdrops and dump on community and real users.

3 Likes

Farmers are controlling the DAO, it’s hard to have a fair vote. They vote against everything that is detrimental to them.

2 Likes

I have one suggestion. Many users will vote against this proposal even if they are not airdrop hunters. They will vote against it just out of fear that they may get deleted by mistake.

You should publish the addresses of the airdrop hunters as a proposal and ask users if they agree to delete those hunters from the airdrop. This way your proposal will get through and hunters will be deleted.

30 Likes

I strongly support the analysis. A further investigation should carry out to exclude airdrop farmers.

2 Likes

Thanks for the great work in doing a thorough investigation on sybil wallets!

Here’s my thoughts, we might need to set out a few criteria to identify real users:

  • wallets with a minimum number of tx as shared by @kaltdunkelheit, this will filter out sybils
  • having wallet addresses linked to discord IDs in Dex Guru server (as shared by @hesed)
  • ensuring that discord ID is linked to their user profile here on gov.dex.guru, &
  • noting their activity / contribution either on gov.dex.guru or on the discussion channel in Dex guru discord server

Im typing this in the wee hours, hopefully the above make sense, & open to hear your thoughts.

8 Likes

Good job. I like your idea. there are too many airdrop hunters. However, filtering the airdrop hunter without missing users is a difficult problem :joy: :joy: :joy: :joy:

I do support your logic behind it, eliminating airdrop hunters which could hurt the project. But i do hope you will not hurt innocent real user just by looking at amount of transactions which you may think every real users trades a lot, which isn’t the case for that.

1 Like

I think that checking the number of transactions and the age of wallet is the best way to remove the airdrop farmers

7 Likes

as you mentioned the obvious farmers have small number of transactions like 2 or 3, so how about set a minimum number of transactions about 10 or 15 on all chains to eliminate the most obvious farmers and also keep new defi users and holders in the list by reducing number of transactions from 50 to 10.

11 Likes

I strongly agree. Identical users participating on multiple accounts should be excluded from airdrop.

3 Likes