
RxC Bounty - Increase Gitcoin's sybil resistance by integrating an integration with an anti-sybil tool on our roadmap.

Open owocki opened this issue 4 years ago • 25 comments

sybil resistance (the ability of an identity based system to prevent sock puppet accounts from signing up) is a key part of gitcoin grants & quadratic funding based systems.

we have a sybil resistance roadmap that looks as follows:

[Image: Screen Shot 2020-09-29 at 2 29 10 PM]

the scope of this bounty is to choose a sybil resistance mechanism off the roadmap, and

  1. build an end to end "connect to gitcoin" experience for this mechanism.
  2. please add a boolean field to dashboard.models.Profile entitled is_SERVICENAME_verified (like the existing fields is_twitter_verified).
  3. If there is any valuable (but GDPR compliant) metadata that is received from the service, please also store this information in a JSON field on the profile object, entitled identity_data_SERVICENAME.

integrations i would like to see built:

  • facebook - +5% trustbonus (1k DAI)
  • google - +5% trustbonus (1k DAI)
  • POAP - +5% trustbonus (1k DAI)
  • ENS Reverse Lookup - +5% trustbonus (1k DAI)
  • https://duniter.org/en/ - +5% trustbonus (1.5k DAI)

please note which sybil resistance tool you'll be building in the 'start work' comments so that you do not work on the same identity system as someone else!

i will pay DAI for each integration (max one per person, one per integration) for up to a total of 5 integrations.

owocki avatar Sep 29 '20 20:09 owocki

Issue Status: 1. Open 2. Started 3. Submitted 4. Done


This issue now has a funding of 5000.0 DAI (5000.0 USD @ $1.0/DAI) attached to it.

gitcoinbot avatar Oct 05 '20 23:10 gitcoinbot


Work has been started.

These users each claimed they can complete the work by 1 year, 2 months ago. Please review their action plans below:

1) irhonin has been approved to start work.

I will implement integration with google

2) developerfred has been approved to start work.

I will implement Duniter P2P “freedom-enabling”

3) elhamne has been approved to start work.

I will build facebook integration.

4) hhio618 has been approved to start work.

I'll implement POAP integration based on ERC-721 NFT.

5) moonniy has been approved to start work.

I'd like to implement ENS lookup for Sybil attack resistance

Learn more on the Gitcoin Issue Details page.

gitcoinbot avatar Oct 06 '20 14:10 gitcoinbot

Hi, Makoto from ENS team.

This is what I think you need to do to support "Verify with ENS" feature

Step 1

Check if the Eth address tied into Gitcoin has an ENS name reverse record set up and that it matches the forward lookup.

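    import ENS, { getEnsAddress } from '@ensdomains/ensjs'

    // provider: web3/ethers provider; gitcoinAddress: Eth address tied to the Gitcoin profile
    async function isEnsVerified(provider, gitcoinAddress) {
      const ensAddress = getEnsAddress('1') // ENS registry for network id 1 (mainnet)
      const ens = new ENS({ provider, ensAddress })
      // Reverse lookup
      const { name: myName } = await ens.getName(gitcoinAddress)
      // No reverse record set: nothing to verify against
      if (!myName) return false
      // Forward lookup
      const myAddress = await ens.name(myName).getAddress()
      // Check if address matches (compare case-insensitively; checksum casing can differ).
      return (myAddress || '').toLowerCase() === gitcoinAddress.toLowerCase()
    }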

Step 2

If the above returns true, treat as verified.

Step 3

If not, show the following message.

Verify with ENS.
Assign ENS name to your Eth address as well as setup a reverse name lookup.
[Learn more](https://medium.com/whois0x/ens-setup-for-dummies-a-visual-step-by-step-e3382fe00545)

Ref

You can read more about how our ensjs library works here https://medium.com/the-ethereum-name-service/releasing-ensjs-and-announcing-ens-integration-workshop-63ffad001446 and ask questions at our Integration workshop next week, or just ping me on our discord https://discord.gg/AskZbFx

makoto avatar Oct 06 '20 14:10 makoto

Hey there. POAP here 👋🏻 We are willing to help and support the team/individual looking to complete this bounty. For a successful submission we will be matching with an additional 1000 DAI. If a candidate is willing to work on this and 2000 DAI sounds like too little incentive, we are open to hear what would be proper compensation.

POAP contracts run at the address 0x22C1f6050E56d2876009903609a2cC3fEf83B415 both on Ethereum Mainnet and xdai network. Very easy to query subgraphs are available here: https://thegraph.com/explorer/subgraph/poap-xyz/poap https://thegraph.com/explorer/subgraph/poap-xyz/poap-xdai

We also provide an HTTP API, very clear documentation available here: https://development-dot-poapapp.appspot.com/documentation/static/index.html

The way the mechanism should work is: If the ethereum account logged in on Gitcoin holds a POAP NFT that has been sitting in that wallet for more than 15 days, it can be assumed that it's a unique human.

This mechanism is quite rudimentary and it can happen that:

  1. Someone holds his POAP on a wallet different than the one used on Gitcoin (a "validate ownership" of an external account not tied to Gitcoin is a nice to have but not necessary in the scope of this integration)
  2. Someone has prepared beforehand the round (more than fifteen days earlier) and shuffled the POAPs to many different accounts. This is a lot of work and very impractical, also very easy to spot programmatically. I would mark it as a minor concern.

poapxyz avatar Oct 07 '20 03:10 poapxyz
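
The 15-day holding rule and the "easy to spot programmatically" shuffling case from the comment above, as an added Python example that is not part of the thread and is not Gitcoin's or POAP's code. The transfer tuples, placeholder addresses, function names and the `FANOUT_LIMIT` cutoff are constructed assumptions; real input would come from ERC-721 Transfer events or the subgraph.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

ZERO = "0x" + "0" * 40         # ERC-721 mints are transfers from the zero address
MIN_HOLD = timedelta(days=15)  # holding period stated in the comment above
FANOUT_LIMIT = 3               # assumed cutoff: one sender feeding >= 3 wallets

def held_since(transfers, wallet):
    """Map token_id -> time `wallet` received it, for tokens it still holds."""
    owner, received = {}, {}
    for token_id, _src, dst, ts in sorted(transfers, key=lambda t: t[3]):
        owner[token_id], received[token_id] = dst.lower(), ts
    return {t: received[t] for t, o in owner.items() if o == wallet.lower()}

def fanout_senders(transfers, limit=FANOUT_LIMIT):
    """Non-mint senders that moved POAPs to `limit` or more distinct wallets."""
    targets = defaultdict(set)
    for _token_id, src, dst, _ts in transfers:
        if src.lower() != ZERO:
            targets[src.lower()].add(dst.lower())
    return {s for s, dsts in targets.items() if len(dsts) >= limit}

def poap_check(transfers, wallet, now):
    """Return (verified, flagged): the 15-day rule plus the shuffle heuristic."""
    aged = {t for t, ts in held_since(transfers, wallet).items()
            if now - ts > MIN_HOLD}
    shufflers = fanout_senders(transfers)
    # Flag the wallet when an aged token reached it from a fan-out sender.
    flagged = any(tid in aged and dst.lower() == wallet.lower()
                  and src.lower() in shufflers
                  for tid, src, dst, _ts in transfers)
    return bool(aged), flagged

# Constructed sample data: placeholder addresses and transfer events.
NOW = datetime(2020, 10, 7, tzinfo=timezone.utc)
ALICE, BOB, FARM = ("0x" + c * 40 for c in "abf")
SOCKS = ["0x" + c * 40 for c in "123"]
def days_ago(n): return NOW - timedelta(days=n)

SAMPLE = [(1, ZERO, ALICE, days_ago(40)),            # long-held mint
          (2, ZERO, BOB, days_ago(5))]               # too recent
SAMPLE += [(10 + i, ZERO, FARM, days_ago(60)) for i in range(3)]
SAMPLE += [(10 + i, FARM, s, days_ago(20)) for i, s in enumerate(SOCKS)]

if __name__ == "__main__":
    for who in (ALICE, BOB, SOCKS[0]):
        print(who[:6], poap_check(SAMPLE, who, NOW))
```

A wallet that passes the 15-day rule but is flagged received its aged token from an address that distributed POAPs to several wallets, which is the prepared-in-advance case the comment describes.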


Work for 5000.0 DAI (5000.00 USD @ $1.0/DAI) has been submitted by:


gitcoinbot avatar Oct 07 '20 10:10 gitcoinbot

Will be looking into the integration based on

Hi, Makoto from ENS team.

This is what I think you need to do to support "Verify with ENS" feature

Step 1

Check if the Eth address tied into Gitcoin has an ENS name reverse record set up and that it matches the forward lookup.

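    import ENS, { getEnsAddress } from '@ensdomains/ensjs'

    // provider: web3/ethers provider; gitcoinAddress: Eth address tied to the Gitcoin profile
    async function isEnsVerified(provider, gitcoinAddress) {
      const ensAddress = getEnsAddress('1') // ENS registry for network id 1 (mainnet)
      const ens = new ENS({ provider, ensAddress })
      // Reverse lookup
      const { name: myName } = await ens.getName(gitcoinAddress)
      // No reverse record set: nothing to verify against
      if (!myName) return false
      // Forward lookup
      const myAddress = await ens.name(myName).getAddress()
      // Check if address matches (compare case-insensitively; checksum casing can differ).
      return (myAddress || '').toLowerCase() === gitcoinAddress.toLowerCase()
    }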

Step 2

If the above returns true, treat as verified.

Step 3

If not, show the following message.

Verify with ENS.
Assign ENS name to your Eth address as well as setup a reverse name lookup.
[Learn more](https://medium.com/whois0x/ens-setup-for-dummies-a-visual-step-by-step-e3382fe00545)

Ref

You can read more about how our ensjs library works here https://medium.com/the-ethereum-name-service/releasing-ensjs-and-announcing-ens-integration-workshop-63ffad001446 and ask questions at our Integration workshop next week, or just ping me on our discord https://discord.gg/AskZbFx

Sure I would like to start working on ENS reverse lookup

deepsi43 avatar Oct 07 '20 15:10 deepsi43

I would also be looking into duniter integration

deepsi43 avatar Oct 07 '20 15:10 deepsi43

Hey there. POAP here 👋🏻 We are willing to help and support the team/individual looking to complete this bounty. For a successful submission we will be matching with an additional 1000 DAI. If a candidate is willing to work on this and 2000 DAI sounds like too little incentive, we are open to hear what would be proper compensation.

POAP contracts run at the address 0x22C1f6050E56d2876009903609a2cC3fEf83B415 both on Ethereum Mainnet and xdai network. Very easy to query subgraphs are available here: https://thegraph.com/explorer/subgraph/poap-xyz/poap https://thegraph.com/explorer/subgraph/poap-xyz/poap-xdai

We also provide an HTTP API, very clear documentation available here: https://development-dot-poapapp.appspot.com/documentation/static/index.html

The way the mechanism should work is: If the ethereum account logged in on Gitcoin holds a POAP NFT that has been sitting in that wallet for more than 15 days, it can be assumed that it's a unique human.

This mechanism is quite rudimentary and it can happen that:

  1. Someone holds his POAP on a wallet different than the one used on Gitcoin (a "validate ownership" of an external account not tied to Gitcoin is a nice to have but not necessary in the scope of this integration)
  2. Someone has prepared beforehand the round (more than fifteen days earlier) and shuffled the POAPs to many different accounts. This is a lot of work and very impractical, also very easy to spot programmatically. I would mark it as a minor concern.

Hi POAP, I like to start this task but the bounty on Gitcoin has a limitation of one person per bounty,
I already implemented the google verification, so I need @owocki verification to start this.

iRhonin avatar Oct 07 '20 15:10 iRhonin

@poapxyz thanks for the advice, I don't have any stopper so I'm starting to work on this 😀

zoek1 avatar Oct 09 '20 06:10 zoek1


Work for 5000.0 DAI (5000.00 USD @ $1.0/DAI) has been submitted by:

  1. @irhonin
  2. @hhio618
  3. @developerfred
  4. @moonniy

@owocki please take a look at the submitted work:

  • PR by @irhonin
  • PR by @hhio618
  • PR by @moonniy
  • PR by @developerfred

gitcoinbot avatar Oct 15 '20 12:10 gitcoinbot

Hey, @poapxyz many thanks for your comment. It helped a lot while I was implementing this feature :) Would it be possible to send me some testnet POAP badges for further testing? If possible, my wallet address is as follows:

My wallet address: 0x68581B09B9F815AD0A37477F340e7E211030C899

Another question: do we need to save any POAP badges in user profiles?

hhio618 avatar Oct 15 '20 12:10 hhio618

PR Duniter status done 🟢

https://github.com/gitcoinco/web/pull/7844

Update Duniter

https://forum.duniter.org/t/integration-trust-bonus-gitcoin/7677

Gitcoin core and gitcoin community account verification proposal

Currently the only metrics I have to validate a human address are the 5 certificates that can be consumed by the wallet. My implementation is like this: Trust Bonus tab -> Click Verify Duniter certificates we consider you to be a legitimate user. These certificates expire in one year; we can do a new verification in the background every year.

developerfred avatar Oct 19 '20 08:10 developerfred

@moonniy @deepsi43 r u still working on the ENS reverse look up?

owocki avatar Nov 20 '20 18:11 owocki

hi @owocki, yes i made progress but since the hackathon finished i thought this bounty expired so i didn't submit my work. Can i create the PR so you can review it? i think the work is finished and ready for review

moonniy avatar Nov 21 '20 07:11 moonniy

@moonniy I am happy to review the ENS part

makoto avatar Nov 21 '20 12:11 makoto

yes; happy to review it. thanks!

On Sat, Nov 21, 2020 at 5:27 AM Makoto Inoue [email protected] wrote:

@moonniy https://github.com/moonniy I am happy to review the ENS part

owocki avatar Nov 23 '20 13:11 owocki

@moonniy @deepsi43 r u still working on the ENS reverse look up?

Yes I did have a little progress. Have been looking into implementing the verification of reverse ens of the account address.

deepsi43 avatar Nov 24 '20 09:11 deepsi43

@owocki can i work on the facebook integration?

zoek1 avatar Nov 27 '20 01:11 zoek1

@owocki can i work on the facebook integration?

@zoek1 I'm still working on the facebook.

Elhamne avatar Nov 27 '20 09:11 Elhamne

Ok ok @Elhamne, as i didn't see a PR and the hackathon finished almost a month ago, I requested work on facebook integration. 🙂 I have some task to fix collections today but if you need it for the monday let me know @owocki

zoek1 avatar Nov 27 '20 09:11 zoek1

hey hey, im seeing multiple PRs flying around and it's very exciting. as your PRs are merged pls ping me and I can pay you out. thanks again everyone :)

owocki avatar Nov 30 '20 18:11 owocki

Hey @owocki, thanks for the payout!

hhio618 avatar Dec 01 '20 08:12 hhio618

Hey there. POAP here 👋🏻 We are willing to help and support the team/individual looking to complete this bounty. For a successful submission we will be matching with an additional 1000 DAI. If a candidate is willing to work on this and 2000 DAI sounds like too little incentive, we are open to hear what would be proper compensation.

POAP contracts run at the address 0x22C1f6050E56d2876009903609a2cC3fEf83B415 both on Ethereum Mainnet and xdai network. Very easy to query subgraphs are available here: https://thegraph.com/explorer/subgraph/poap-xyz/poap https://thegraph.com/explorer/subgraph/poap-xyz/poap-xdai

We also provide an HTTP API, very clear documentation available here: https://development-dot-poapapp.appspot.com/documentation/static/index.html

The way the mechanism should work is: If the ethereum account logged in on Gitcoin holds a POAP NFT that has been sitting in that wallet for more than 15 days, it can be assumed that it's a unique human.

This mechanism is quite rudimentary and it can happen that:

1. Someone holds his POAP on a wallet different than the one used on Gitcoin (a "validate ownership" of an external account not tied to Gitcoin is a nice to have but not necessary in the scope of this integration)

2. Someone has prepared beforehand the round (more than fifteen days earlier) and shuffled the POAPs to many different accounts. This is a lot of work and very impractical, also very easy to spot programmatically. I would mark it as a minor concern.

Hey @poapxyz. I've done the task! I'll be very glad for the bounty as you said :)

hhio618 avatar Dec 29 '20 17:12 hhio618

Please send me your ethereum address to [email protected]

poapxyz avatar Dec 29 '20 17:12 poapxyz

i just left some comments on the various PRs. keen to get these fixed up + merged in before we deploy GR9 on monday of next week.

owocki avatar Mar 04 '21 22:03 owocki