[DRAFT PROPOSAL] Remove airdrop farmers (sybil attackers)
- On chain evidence shows chains of addresses that have farmed the Guru NFT, by using BSC or Polygon to make a swap (with tip) from hundreds of different addresses, and then later claiming the NFT on all the addresses as well.
- Initial estimate of the scale of airdrop farming is more than 2,000 addresses, potentially 4,800 addresses. That would be almost half of the GURU airdrop. This is potentially catastrophic for the DAO as a small number of people would have very large control on all future issues. Alternatively they may dump their farmed tokens leading to weeks of declining token price, unhappy community, and reputational damage to Dex Guru.
- This proposal is to firstly raise awareness to this issue, and secondly to establish a committee to review on chain data and identify airdrop farmers.
Several recent proposals have discussed eligibility criteria for the GURU token airdrop, namely Snapshot voting and possibly a minimum transaction filter. The transaction count filter is not ideal as it will exclude some real users and could still be gamed by the airdrop farmers.
On Chain Evidence of Airdrop Farming
To understand how many addresses might be eliminated by a transaction filter I created a Dune query: Dune
Out of the 12,432 addresses holding at least 1 Guru Season Pass NFT:
- 248 addresses have ZERO transactions on Ethereum mainnet. This means that they did not even mint or buy the NFT, it was sent to that address, possibly as a sybil attack.
- 3,234 addresses have ONE transaction. Many of these are legitimate users who trade on other chains and just funded their Ethereum address to mint the NFT.
- 1,904 addresses have TWO transactions. This is unexpectedly large, given that real users should have a wide variation in their number of transactions.
By clicking through the addresses in my Dune query and examining them in Etherscan, every address I looked at with TWO transactions looked exactly the same: A chain of “ETH in, mint Guru NFT, ETH out”. These addresses are all linked together like one long chain where the ETH moves from one address to the next and each mints an NFT.
How did this farmer mint so many NFTs? I had a hunch that they “pre-farmed” the NFT by making the same chain on a low-fee blockchain, creating hundreds of addresses and making a small tip with each one.
Sure enough, here is the corresponding chain on BSC: https://bscscan.com/address/0x6C7823c4c30dAFb46507Bc516C1DC3fbC0288678
We can see that they swapped BNB for BUSD, then swapped back, moved the BNB to their next address, and repeated the process. They did this in August 2021 (I will say the farmer is very patient!).
I traced one of these chains back to the starting point: https://etherscan.io/address/0x8886fcc55c3c87c15b4637481b33837c72df980e
We see that ETH comes in from an exchange, then is sent out to 6 different addresses, each of those starts off a chain of Guru NFT farming, then at the end all the leftover ETH comes back into this address, and then is sent to an exchange again.
This is just one example of an airdrop farmer but there could be others as well with different strategies.
To estimate how many chains like this exist, I first made a scatter plot of all the current NFT holders with the date of their first transaction (on Ethereum) and total number of transactions (on Ethereum). Most of the graph is a random pattern, which is what we would expect for real users. Each blue datapoint has 5% opacity, so the darker blue areas indicate many addresses with almost exactly the same characteristics, and therefore might be created by a farmer.
Zooming in to the bottom right of the plot and reducing the brightness of the dots even further, we see a few “bands” of addresses all created within a 48 hour period (31 March - 01 April) with either ZERO or TWO transactions. This totals 4,776 addresses.
Looking at addresses with zero transactions, I found that some individuals had purchased a lot of NFTs from OpenSea and then split them into many addresses. This goes against the proposed airdrop criteria, which says that all users should get the same GURU airdrop regardless of how many NFTs they have.
Can we use Snapshot voting to eliminate farmers?
Unfortunately, the answer is no.
I downloaded a list of all the addresses that voted in the last Snapshot proposal and checked some of the farmed addresses above; they were all on the list of Snapshot voters.
Clearly the airdrop farmers are very determined and they have spent a lot of time creating these addresses almost a year in advance, claiming the NFTs, and now voting on Snapshot with all their addresses as well. They are heavily incentivised to spend their time ensuring that they get this airdrop, possibly worth millions of dollars to them over thousands of addresses.
Given this, I would not be surprised if they are also active on Discord trying to convince people not to apply any filters to the airdrop, and will of course use their farmed NFTs to vote against this proposal.
- I encourage the community to start investigating the on chain evidence to identify airdrop farmers and post your findings in a reply.
- Ultimately I don’t think we can tackle this problem with a transaction count or other criteria without risking excluding some real users in the process. We should do our best to create a list of farmer addresses and simply exclude them from the airdrop, after using whatever criteria are decided from the previous proposals (e.g. Snapshot voting).
- We can create a committee to assemble this list. I can be involved but will need volunteers to help. I asked the Dex Guru team but they say that the DAO must decide everything relating to the airdrop.
UPDATE: Nick in Discord has confirmed that the DAO can engage the Dex Guru team to do the investigation if the DAO decides so.
It is important to clarify that we want to keep all real users in the airdrop. Some people may even have multiple addresses (hot wallet, cold wallet, mobile wallet, etc.) and that is fine.
I believe we should only exclude clearly organised airdrop farming operations. An initial criterion might be if we find at least 5 or 10 addresses that appear to be controlled by the same person.
The blacklist can also be published on this forum and in Discord so that anyone can object if they are in there by mistake.
We can use the data I have already obtained, so that the farmers do not have a chance to react and hide their activities before we investigate. If they do move their NFTs to other addresses it will then be easy to find.
UPDATE: Just to clarify, the lists below are ALL holders of the NFTs, not a list of farmers! There is no such list yet. Do not worry if your address is in the list, it is normal.
Here is a list of all NFT holders: Dex Guru NFT Holders 2022-04-24 · GitHub
This is from my Dune query linked above so anyone can verify it.
This is a list of Snapshot voters (taken from 3rd proposal): Snapshot voters on "[PROPOSAL] Sub-DAO mechanics" · GitHub
Again, anyone can get this data with GraphQL (see Snapshot docs).
- Eliminate unfair airdrop farming operations that may control or damage the DAO.
- All real users will get more tokens.
- Avoid an embarrassing situation and reputational damage.
- Extra work to investigate
We can do a temperature check on Discord.
If anyone knows a way to get the Collab Land data, I can check how many farmers vote against us.
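
The "ETH in, mint Guru NFT, ETH out" chain pattern described in the post can be checked mechanically once transactions are exported. The sketch below is an added example, not part of the original post or its Dune query; the transaction tuples, address labels and `find_farming_chains` function are constructed for illustration, and the default threshold of 5 follows the post's suggested "at least 5 or 10 addresses".

```python
from collections import defaultdict

# Constructed sample data (not real chain data): (sender, receiver, kind).
MINT = "guru_nft_contract"  # hypothetical label for the NFT mint contract

def sample_txs():
    # One origin funds a 6-address chain; leftover ETH returns to origin.
    txs = [("exchange", "origin", "transfer"), ("origin", "a0", "transfer")]
    for i in range(6):
        nxt = f"a{i + 1}" if i < 5 else "origin"
        txs += [(f"a{i}", MINT, "mint"), (f"a{i}", nxt, "transfer")]
    # "user1" is an ordinary holder with varied activity.
    txs += [("exchange", "user1", "transfer"), ("user1", MINT, "mint"),
            ("user1", "dex_router", "swap"), ("user1", "dex_router", "swap"),
            ("user1", "friend", "transfer")]
    return txs

def find_farming_chains(txs, min_len=5):
    """Return chains of >= min_len addresses whose only outgoing activity
    is 'mint the NFT, then forward ETH to the next address'."""
    out = defaultdict(list)
    for sender, receiver, kind in txs:
        out[sender].append((receiver, kind))
    # A "hop" has exactly two outgoing txs: one mint and one ETH transfer.
    next_hop = {}
    for addr, sent in out.items():
        if sorted(k for _, k in sent) == ["mint", "transfer"]:
            next_hop[addr] = next(r for r, k in sent if k == "transfer")
    # Chain heads are hops that no other hop forwards ETH to.
    fed_by_hop = {dst for dst in next_hop.values() if dst in next_hop}
    chains = []
    for head in sorted(set(next_hop) - fed_by_hop):
        chain, cur = [], head
        while cur in next_hop and cur not in chain:  # stop at non-hop or loop
            chain.append(cur)
            cur = next_hop[cur]
        # A lone two-transaction address is not flagged; only long chains are.
        if len(chain) >= min_len:
            chains.append({"addresses": chain, "eth_ends_at": cur})
    return chains

if __name__ == "__main__":
    for c in find_farming_chains(sample_txs()):
        print(len(c["addresses"]), "linked addresses; ETH ends at", c["eth_ends_at"])
```

Because a single two-transaction address is never flagged on its own, a real user who funded an address, minted, and withdrew stays off the list; each flagged chain still needs manual review before exclusion.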