
Preface
The content of this article is simultaneously published in the "Chain Flash" column.
Since CyberConnect announced the launch of Fan Club with Link3 in March, many people have indeed spent time completing various interactive tasks every day just to participate in the "Link3 Mystery Boxes" lottery.

According to CyberConnect, the original intention of this event is to create a new "membership loyalty program" by allowing the contributions of every CyberConnect FanPass user to be appropriately recognized, quantified, and rewarded.
The ideal is beautiful, but reality is cruel. With loose participation conditions (anyone can participate as long as they have a wallet), a large number of Sybil ("witch") accounts appeared and took part in the activity. And because of the restrictions in the activity rules, most of the rewards were taken away by studios and airdrop farmers ("wool stalls").

This result has also led to fewer and fewer people willing to participate in task activities. Perhaps because it is not an option to continue like this, Link3 decided to update the Sybil rules so that more real users can receive rewards.

This article will use this as a starting point to look at the common types of Sybil attacks in the blockchain, as well as several well-known cases of Sybil resistance.
What is a "Sybil Attack" ("Witch Attack")?
It refers to an attacker trying to take control of the blockchain network by creating a large number of fake identities or nodes. Sybil attacks are often used to manipulate voting systems, decentralized consensus mechanisms, identity verification systems, etc., thus affecting the normal operation of the entire blockchain system and the fairness of interactions on the chain.
Trivia: The original meaning of the term "Sybil Attack" actually comes from Flora Rheta Schreiber's 1973 book "Sybil", which tells the story of a woman who suffers from dissociative identity disorder and is said to have 16 different personalities.

Common Sybil attacks include the following:
Social network attack: Attackers create multiple fake accounts on social networks and interact with other users through these fake accounts to expand their influence.
Vulnerability attack: Attackers exploit vulnerabilities in the blockchain system to create a large number of fake identities or nodes and add them to the blockchain network.
PoW/PoS attacks: Attackers take advantage of vulnerabilities in the consensus mechanism to create a large number of fake nodes to control the entire blockchain network.
Of course, some people will definitely ask whether the 51% attack counts as a Sybil attack. There are people supporting both views, but my personal view is that it does not. Because I think there are obvious differences between the two, let me take voting as an example:
51% attack: When the total number of votes remains unchanged, one person controls more than half of the votes (nodes).
Sybil attack: One person plays multiple roles and creates more identities than the original number of voters to get more votes.
Overall, the Sybil attack is an important security issue in the blockchain system, which requires blockchain practitioners and researchers to continuously explore solutions to ensure the security and stability of the blockchain system.

Typical Sybil Resistance case
Gitcoin launches Gitcoin Passport

Gitcoin was a typical victim of Sybil attacks in its first few rounds. Because of its original Quadratic Funding (QF) mechanism, many projects that really wanted to build things could not get good allocations. Instead, the projects that carried out Sybil attacks received the most quota, even though they might not continue to work on Ethereum's infrastructure.
That’s why it went from being unrestricted to adopting Trust Bonus in September last year, and then fully adopting Passport during this year’s Alpha Round.
Passport was originally created for Gitcoin's own needs: to protect Gitcoin's Grants from Sybil attacks so that only real people could help decide which projects could receive funding from the shared matching pool. It is now also open for DApps to integrate, so Sybil accounts can be restricted from participating in activities based on Passport points.
All participants are encouraged to actively participate in on-chain interactions and off-chain identity maintenance to gain higher points; at the same time, they can also create their own citizen passport on the Internet.
Arbitrum Airdrop

Arbitrum also used a points system to determine how much quota each participant's wallet could obtain, and it made a well-intentioned effort to prevent Sybil accounts from receiving most of the tokens. Let's take a look at the rules it formulated:
If the airdrop recipient’s wallet transactions all occur within 48 hours, 1 point will be subtracted.
If the airdrop recipient's wallet balance is less than 0.005 ETH and the wallet does not interact with more than one smart contract, one point is subtracted.
If an airdrop recipient's wallet address is identified as a Sybil address during the Hop Protocol bounty program, the recipient will be disqualified.
The first two points are completely understandable. They do effectively filter out wallets that generate some short-term transaction volume and interactions and are then left alone. However, the third point is the part that most people criticize: many people took part in the "Arbitrum Odyssey" event held in June last year through Hop Protocol, and some of them questioned whether it was fair to be listed as a Sybil account.
But is it really so? The "Hop Protocol Bounty Program" mentioned in the rules took place in May 2022, and a number of Sybil accounts were listed at that time. Arbitrum's rule refers to this list, not to the "Arbitrum Odyssey" launched later in June. Therefore, most of the people who complain about this did not verify the facts and simply spread rumors.
Of course, some people still complain about the shortcomings of Arbitrum's airdrop strategy, and indeed we still see many airdrop farmers receiving large quotas, but I think that mechanisms like Arbitrum's have done their best to eliminate Sybil addresses.
For those who are interested in Arbitrum's mechanism, it is strongly recommended to refer to Beosin's article "In Depth | How to look at the anti-witch mechanism amid the craze of Arbitrum airdrops?"
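The three Arbitrum rules listed above can be written as a check over wallet records. This is an added example, not Arbitrum's own code: the Wallet record layout, the sample addresses and the Hop list contents are constructed, and leaving a wallet with no transactions unpenalised is an assumption.

```python
from collections import namedtuple
from datetime import datetime, timedelta

BURST_WINDOW = timedelta(hours=48)   # rule 1 window, from the article
MIN_BALANCE_ETH = 0.005              # rule 2 balance floor, from the article

# Hypothetical record layout: tx_times holds the datetime of every transaction,
# contracts_touched is the number of distinct contracts the wallet called.
Wallet = namedtuple("Wallet", "address tx_times balance_eth contracts_touched")

def sybil_adjustment(w, hop_sybil_list):
    """Return (points_subtracted, disqualified, reasons) for one wallet."""
    if w.address.lower() in hop_sybil_list:          # rule 3: hard exclusion
        return 0, True, ["flagged in Hop Protocol bounty program"]
    penalty, reasons = 0, []
    # Rule 1: the whole transaction history fits inside one 48-hour window.
    # Assumption: a wallet with no transactions is not penalised here.
    if w.tx_times and max(w.tx_times) - min(w.tx_times) <= BURST_WINDOW:
        penalty += 1
        reasons.append("all transactions within 48 hours")
    # Rule 2: low balance AND at most one contract; both must hold.
    if w.balance_eth < MIN_BALANCE_ETH and w.contracts_touched <= 1:
        penalty += 1
        reasons.append("balance < 0.005 ETH and <= 1 contract")
    return penalty, False, reasons

def evaluate(wallets, hop_sybil_list):
    return {w.address: sybil_adjustment(w, hop_sybil_list) for w in wallets}

# Constructed sample data: addresses and activity are invented.
T0 = datetime(2023, 1, 10, 9, 0)
HOP_LIST = {"0xsample03"}
WALLETS = [
    Wallet("0xSAMPLE01", [T0, T0 + timedelta(days=40), T0 + timedelta(days=90)], 0.20, 7),
    Wallet("0xSAMPLE02", [T0, T0 + timedelta(hours=5), T0 + timedelta(hours=30)], 0.001, 1),
    Wallet("0xSAMPLE03", [T0, T0 + timedelta(days=200)], 1.5, 12),
    Wallet("0xSAMPLE04", [T0, T0 + timedelta(hours=47)], 0.004, 3),
]

if __name__ == "__main__":
    for addr, (pen, dq, why) in evaluate(WALLETS, HOP_LIST).items():
        print(addr, "DISQUALIFIED" if dq else f"-{pen}", "; ".join(why))
```

The last sample wallet shows why rule 2 needs both conditions: its balance is below the floor, but three contract interactions keep it from losing the second point.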
Link3's New Sybil Rules

As can be seen from the preface, the original good intentions of the CyberConnect Fan Club were eventually disrupted by Sybil accounts, which led to an unfair distribution of the reward pool and to fewer and fewer users participating in the event. Therefore, Link3 announced its latest Sybil rules on May 10, hoping to allow "active users" to participate in the event again.
The rules are also easy to understand. The reward pool is divided into the main pool (70%) and the secondary pool (30%), and a Credit Points system is introduced. Only users with 24 credit points are eligible to participate in the main pool draw.
How credits are calculated:
Link3 personal profile completion (total 1.67 points): add avatar, display name, basic information +1.67
Gitcoin Passport score (total 100 points)
Paid CyberProfile (total 3.34 points): CyberProfile length less than or equal to 12 characters +1.67; CyberProfile length less than or equal to 6 characters +1.67
Link3 Activity W3ST holdings (total 6.68 points): holding 10 +1.67; holding 50 +1.67; holding 100 +1.67; holding 500 +1.67

From here you can see that Link3 also includes Gitcoin Passport and the number of W3ST holdings as the main scoring criteria, so that users who are actually participating in various activities can get higher scores. Although the threshold for obtaining points is slightly higher, if you are someone who frequently participates in on-chain interactive activities, it is really not too difficult to reach a Gitcoin Passport score of 24 or more.
Therefore, whether you have participated in CyberConnect Fan Club or not, it is highly recommended to give it a try.
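The credit calculation above, written out as an added example (not Link3's code). It assumes the Gitcoin Passport score is added one-for-one up to 100, which the rules as quoted here do not spell out; the function names, parameter names and sample users are hypothetical. Under that assumption the other items total at most 11.69 credits, so the main pool cannot be reached without a Passport score.

```python
STEP = 1.67                      # credit per satisfied item (from the article)
MAIN_POOL_THRESHOLD = 24         # credits required for the main pool draw
CYBERPROFILE_LIMITS = (12, 6)    # length <= limit earns one step each
W3ST_TIERS = (10, 50, 100, 500)  # holdings >= tier earn one step each

def non_passport_credits(profile_complete, cyberprofile_len, w3st_held):
    """Credits from everything except Gitcoin Passport."""
    credits = STEP if profile_complete else 0.0
    if cyberprofile_len is not None:          # None means no paid CyberProfile
        credits += STEP * sum(cyberprofile_len <= n for n in CYBERPROFILE_LIMITS)
    credits += STEP * sum(w3st_held >= t for t in W3ST_TIERS)
    return round(credits, 2)

def total_credits(passport_score, **attrs):
    # Assumption: the Passport score counts one-for-one, clamped to 0..100.
    passport = min(max(passport_score, 0), 100)
    return round(passport + non_passport_credits(**attrs), 2)

def main_pool_eligible(passport_score, **attrs):
    return total_credits(passport_score, **attrs) >= MAIN_POOL_THRESHOLD

def min_passport_needed(**attrs):
    """Lowest Passport score that still reaches the main pool."""
    return round(max(MAIN_POOL_THRESHOLD - non_passport_credits(**attrs), 0), 2)

# Constructed sample users.
USERS = {
    "maxed_no_passport": dict(passport_score=0, profile_complete=True,
                              cyberprofile_len=5, w3st_held=500),
    "passport_only": dict(passport_score=24, profile_complete=False,
                          cyberprofile_len=None, w3st_held=0),
    "casual": dict(passport_score=15, profile_complete=True,
                   cyberprofile_len=10, w3st_held=60),
}

if __name__ == "__main__":
    for name, u in USERS.items():
        print(name, total_credits(**u), main_pool_eligible(**u))
```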
Conclusion

Preventing Sybil attacks is probably the biggest headache for blockchain projects. If the threshold is too high, some users will not be able to participate and the number of participating users will fall; if the threshold is too low, there is a fear that studios and airdrop farmers will find loopholes to exploit. Therefore, finding a balance between blocking Sybil accounts and not wrongly excluding real users requires every project and every blockchain participant to look for solutions together.
This is also why Gitcoin's Beta Round specially opened a category, "The Phantom Menace", to encourage projects that are willing to research anti-Sybil technology: they can receive funding to help their development and build good infrastructure for the entire ecosystem. At present, the most ideal solution I see is the Gitcoin Passport mentioned in this article.
Of course, there are also many projects, as mentioned in my previous article "Six major task bounty platforms, taking you deeply involved in the development of the blockchain", which publish tasks through a "task bounty platform" and require users to complete those tasks before they can get the benefits provided by the project. These are solutions too.
It's not that studios and airdrop farmers are bad, but the development of an ecosystem requires more people who are willing to participate. If every project is only about farming rewards and hype, then in the end all that is left of the project is a mess. This should not be what anyone wants to see!
