hop-airdrop
Sybil Attacker Report
Hi, I'm an on-chain data analyst. This report may be a little bit late, but I promise it is valuable, so I expect to be rewarded in some way.
Related Addresses
The full addresses table is listed in the attached file.
Reasoning
All addresses have interacted with Hop Protocol: USDC Bridge on Ethereum, but they have also transferred tokens to each other, more than 2 times (including 2 times). For example, we report the address A1 if:
- A1 has transferred to A2 and A3.
- A1, A2 and A3 have all interacted with Hop Protocol: USDC Bridge.
That means A2 and A3 are probably both child-wallet addresses of A1 (and they are probably not friends of A1).
Methodology
My code is stored at:
https://github.com/wyf-ACCEPT/My-Hop-Airdrop-Report
I've finished this report by following the steps below:
- Find the contract addresses of Hop Protocol on https://github.com/hop-protocol/hop/blob/develop/packages/core/src/addresses/mainnet.ts
- I selected the Hop Protocol: USDC Bridge as an example. Whoever interacted with this contract probably sent some assets to L2 from Ethereum using Hop Protocol.
- I filtered all the addresses that interacted with Hop Protocol: USDC Bridge and all their transactions on the whole of Ethereum using Dune Analytics. The code is here.
- I downloaded the query result and saved it in candidate-transfer.csv, and then used Python to process the data. I filtered all the addresses which fit the conditions above.
- I stored the result in a JSON file. Its format is like: { addr_from_1: [ number of addr_to, [addr_to_1, tx_hash_1], [addr_to_2, tx_hash_2], ... ], addr_from_2: [...], ... } Note that all addr_from and addr_to have interacted with Hop Protocol: USDC Bridge!
Rewards Address
0xb54e978a34Af50228a3564662dB6005E9fB04f5a
@wyf-ACCEPT
Thank you for the submission. The effort is greatly appreciated.
Unfortunately, this submission does not meet one of the criteria for submissions:
Methodology that has a non-negligible chance of eliminating legitimate users will not be considered
Transactions to/from each other on this list do not provide enough evidence that the linked addresses are Sybil attackers. Addresses can be linked by this if they are friends, performing OTC trades, selling NFTs to each other, etc.
There will need to be additional proof submitted in order to consider this a valid group that does not include any legitimate users. Please consider providing more information about the behavior of these addresses, such as identical types of transactions or similar timing of transactions. Please note that if another user submits an issue with a detailed, non-negligible chance of eliminating legitimate users, their submission will be considered before yours.
I will leave this issue open and look forward to any updates!
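Added example, not part of the thread and not the submitter's code: the report's fan-out rule (a sender and at least two of its recipients all used the bridge), emitted in the JSON layout described above, next to one of the extra signals the reply asks for (similar timing of the funding transfers). The CSV column names, the one-hour window, and all addresses and hashes are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows (shortened placeholder addresses, not data from the report).
# Column names are assumed; the layout of candidate-transfer.csv is not given.
TRANSFERS_CSV = """from,to,tx_hash,block_time
0xa1,0xa2,0xt1,1000
0xa1,0xa3,0xt2,1060
0xa1,0xee,0xt3,1100
0xb1,0xb2,0xt4,2000
0xb1,0xb3,0xt5,900000
0xc1,0xc2,0xt6,3000
"""
# Constructed set of addresses that interacted with the bridge contract.
BRIDGE_USERS = {"0xa1", "0xa2", "0xa3", "0xb1", "0xb2", "0xb3", "0xc1", "0xc2"}

def link_children(csv_text, bridge_users):
    """Map sender -> {recipient: (tx_hash, time)} where both sides used the bridge."""
    children = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(csv_text)):
        src, dst = row["from"].lower(), row["to"].lower()
        if src != dst and src in bridge_users and dst in bridge_users:
            # Keep the first transfer seen per recipient.
            children[src].setdefault(dst, (row["tx_hash"], int(row["block_time"])))
    return children

def fan_out_report(children, min_children=2):
    """The report's rule, in the layout {addr_from: [count, [addr_to, tx_hash], ...]}."""
    return {src: [len(kids)] + [[dst, tx] for dst, (tx, _) in kids.items()]
            for src, kids in children.items() if len(kids) >= min_children}

def tight_timing(children, window_s=3600, min_children=2):
    """Senders that funded >= min_children recipients within window_s seconds (assumed threshold)."""
    flagged = set()
    for src, kids in children.items():
        times = sorted(ts for _, ts in kids.values())
        for i in range(len(times) - min_children + 1):
            if times[i + min_children - 1] - times[i] <= window_s:
                flagged.add(src)
                break
    return flagged

if __name__ == "__main__":
    links = link_children(TRANSFERS_CSV, BRIDGE_USERS)
    print(fan_out_report(links))
    print(tight_timing(links))
```

In the sample, the fan-out rule alone flags both 0xa1 and 0xb1, while the timing check keeps only 0xa1, whose two transfers are 60 seconds apart; 0xb1's transfers are days apart and look more like the unrelated transfers the reply describes.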