"Arbitrum Airdrop Sybil Loophole": Proposed Measures to Address the Issue for the StarkNet Project

That is a good topic. With regard to Sybil, my suggestion is that we can refer to the method of AP or ARB, and try to keep everything transparent.


I think KYC should be used as a means of eliminating fraud.


Honestly, it’s very difficult to resolve these issues; anyway, we can certainly do something.
In terms of detecting Sybil attacks for the possible airdrop, Starknet could use various techniques such as IP address analysis, user behavior analysis, machine learning algorithms, among others. Additionally, community members could report any suspicious activity to help Starknet more effectively detect Sybil attacks.


Sybil detection is a must. The first link you provided is great. Is anyone in the Starknet ecosystem working on a similar solution? Who can we contact to make it happen?

Sybil protection and sybil sinks (check Airdrop farmers) could push us in the right direction.


We started something during the Tel-Aviv hackathon (sybil-shield), but we ran out of money until May. The main pain point is collecting all the data we need (and finding time to work on this topic).


While community involvement and supervision can be helpful, it may not be the most reliable solution. Relying on the community to identify potential Sybil addresses and communities could be problematic as it can be difficult to differentiate between actual users and fake ones, leading to false positives and negatives. Additionally, it may be challenging to incentivize community members to participate in monitoring and identification activities.


It will be impossible to weed out sybil attackers completely; there will always be edge cases, but the main goal should be to

incentivise a ‘strong on-chain’ profile over one or a small number of addresses, vs a ‘weak on-chain’ profile over many.

This is implicit incentivisation and can only be achieved by projects going this route; unfortunately, I think ARB has emboldened sybiloors.

I have a friend who claimed DYDX on 50 addresses and sold it all for 500k or so; the same friend just claimed ARB on 100. Currently farming the hell out of Argent wallets, but liquidity there can’t be more than $100 on average in each of these farming wallets.

I was mistaken in my assumption that the optimal strategy would be a ‘strong on-chain’ profile on one or a few addresses; it turned out my friend was right to sybil (from a pure profit standpoint).
Optimism did this best: with the scaling factor, the optimal strategy became having a strong on-chain profile.

Projects should consider

Volume: unfortunately, the more liquidity/volume per address, the more likely it belongs to an individual; there are limits to spreading capital.
eg: my friend with <$100 on separate Argent wallets.
Large players with large pools of capital can do this, but then things such as patterns can possibly be used to identify them.

KYC: this is a touchy subject, but it’s probably the best way to curb sybils.

Eg: Anima: proof of personhood, or KYC without the need for projects or counterparts to hold any identifying information themselves.

Not an expert on Anima, just saying it’s worth exploring similar ideas.

Sybil Bounties: this is great, as you outsource sybil hunting tasks to the community with an incentive at basically zero cost.

eg: Hop Protocol. Some have complained about Hop’s method, but there was a review process and it can be viewed on their repo; many reports were invalidated, and those accepted had clear identification.

Other meaningful activity: such as governance voting, which requires some attention, or public goods funding (Gitcoin donations);
even if ‘gamed’ for inclusion in airdrops, it’s created an environment where more public goods are funded.

These activities make it more likely that a real person is behind the address than regular transactions do.

I also think a criterion that is useful to add is ‘beacon chain depositors’.

After filtering out the obvious centralized entities, anyone in this list has meaningfully contributed to Ethereum’s security and is ecosystem aligned in a way that is hard to sybil.

NOTE: this isn’t to neglect users, it’s to ‘include’ a set of specific actors likely to support node operations; it’s a targeted distribution, one that especially makes sense for zk-based L2s.
I go into more detail in my forum post here: [DRAFT] [Airdrop: Proposal] Ethereum Validators

This is a must-read for how ARB was sybil attacked, with some methodology for identification.

In my humble opinion as a Venezuelan who doesn’t believe in nation states, KYC should be a no-go. KYC discriminates against those who come from authoritarian governments.


Totally agree on 1 and 3. For item 1, the best way is to prohibit or constrain IPs, which will increase those hunters’ cost. Imagine that those hunters will leave this ecosystem immediately once they get their tokens, unlike the real users. On the other hand, it also dilutes the rewards for real users, which may potentially damage the community.

For item 3, educating users will bring positive thinking, not just an airdrop. It could effectively improve the consensus on Starknet.

Please do discuss and consider it!

Added the article regarding Sybil attack analysis on $ARB:

Incentivisation of on-chain profile is a very good idea, as any form of KYC would go against the tenets of decentralisation and anonymity. I know Starknet ID already incorporates on-chain verification of social identities (Twitter, Discord and GitHub) for its users.
In addition, genuine users could get punished if other extreme measures are used. I have on one or two occasions sent funds to friends on Starknet; I shouldn’t get punished for that.
The Gitcoin Passport should be the ultimate point with regard to identity validity.
In summary, some form of weeding out is welcome; however, attestation of identity on chain should take precedence and be incentivised.

An immature idea.
Phase 1: set a criterion for a minimum amount of funds in the wallet. This will screen out most of the airdrop farmers’ accounts.
Phase 2: set a second screening process for those that got screened out during Phase 1. If they have legit on-chain activities, they should still be worthy of the airdrop.
PS: I wouldn’t vote for KYC. You can easily fake it these days. It has become an industry in some countries.

But if KYC is implemented, it will no longer be decentralized. I think there should be more conditions to verify that it’s a loyal user.

One question on this: should we publish the rules before or after the airdrop? Any preferred options? My suggestion is to publish them beforehand.

Confidential reputation checks and voting/polling can be done using Sismo tech. Here is an example of how it works from the latest hackathon project: https://taikai.network/ethporto/hackathons/ethportohackathon2023/projects/clfdenblr147228801utunc5c9d1/idea

We can use the list of ARB sybils and add the addresses that collect from other addresses and send ARB to the same CEX address.
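The clustering heuristics mentioned in this thread (one funder spraying many thin wallets, many wallets cashing out to the same exchange deposit address, and seeding from a prior airdrop's sybil list) can be sketched as a small union-find over transfer records. The following is an added illustration, not code from Starknet, Arbitrum or any poster here; the addresses, amounts, the exchange deposit set and the seed list are all constructed. It deliberately leaves a one-off transfer between two wallets unlinked, which is the "sent funds to a friend" case raised above:

```python
from collections import defaultdict

# Constructed sample transfers (not real chain data): (sender, receiver, amount_usd).
# fund1 sprays three fresh wallets that all cash out to one exchange deposit address;
# d1..d3 are funded separately but share a deposit address; c1 sends a friend (c2)
# funds once; b1 is a single well-funded wallet.
TRANSFERS = [
    ("0xfund1", "0xa1", 80.0), ("0xfund1", "0xa2", 90.0), ("0xfund1", "0xa3", 70.0),
    ("0xa1", "0xcex1", 60.0), ("0xa2", "0xcex1", 75.0), ("0xa3", "0xcex1", 50.0),
    ("0xfund5", "0xd1", 30.0), ("0xfund6", "0xd2", 20.0), ("0xfund7", "0xd3", 25.0),
    ("0xd1", "0xcex3", 10.0), ("0xd2", "0xcex3", 10.0), ("0xd3", "0xcex3", 10.0),
    ("0xfund2", "0xb1", 5000.0), ("0xb1", "0xcex2", 1200.0),
    ("0xfund3", "0xc1", 300.0), ("0xc1", "0xc2", 40.0),
]
CEX_DEPOSIT_ADDRESSES = {"0xcex1", "0xcex2", "0xcex3"}  # hypothetical exchange deposit addresses
KNOWN_SYBILS = {"0xa2"}  # hypothetical seed list, e.g. from a prior airdrop's sybil report


class DisjointSet:
    """Minimal union-find; every address starts in its own set."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def link_all(ds, addrs):
    """Put every address in addrs into one set."""
    first, *rest = addrs
    for a in rest:
        ds.union(first, a)


def cluster_addresses(transfers, cex_deposits, min_fanout=3):
    """Return {address: frozenset(cluster)} for every non-exchange address.

    Linking rules: (1) wallets funded by one source that fans out to at least
    min_fanout wallets; (2) wallets that pay into the same exchange deposit
    address, which exchanges assign per customer account.
    """
    ds = DisjointSet()
    funded_by = defaultdict(set)   # source -> wallets it funded
    senders_to = defaultdict(set)  # exchange deposit address -> wallets paying in
    for sender, receiver, _amount in transfers:
        ds.find(sender)
        ds.find(receiver)  # register both endpoints as singletons
        if receiver in cex_deposits:
            senders_to[receiver].add(sender)
        else:
            funded_by[sender].add(receiver)
    for wallets in funded_by.values():
        if len(wallets) >= min_fanout:  # a one-off gift to a friend never links
            link_all(ds, wallets)
    for wallets in senders_to.values():
        link_all(ds, wallets)
    members = defaultdict(set)
    for addr in ds.parent:
        if addr not in cex_deposits:
            members[ds.find(addr)].add(addr)
    return {a: frozenset(m) for m in members.values() for a in m}


def flag_clusters(clusters, transfers, known_sybils, min_size=3, max_avg_inflow=100.0):
    """Return {cluster: reason} for clusters worth reviewing: any cluster touching a
    known sybil, or a cluster of at least min_size thinly funded wallets."""
    inflow = defaultdict(float)
    for _sender, receiver, amount in transfers:
        inflow[receiver] += amount
    flagged = {}
    for cluster in set(clusters.values()):
        avg_inflow = sum(inflow[a] for a in cluster) / len(cluster)
        if cluster & known_sybils:
            flagged[cluster] = "linked to known sybil"
        elif len(cluster) >= min_size and avg_inflow <= max_avg_inflow:
            flagged[cluster] = "many thinly funded wallets"
    return flagged


if __name__ == "__main__":
    clusters = cluster_addresses(TRANSFERS, CEX_DEPOSIT_ADDRESSES)
    for cluster, reason in flag_clusters(clusters, TRANSFERS, KNOWN_SYBILS).items():
        print(sorted(cluster), "->", reason)
    print("0xc2 stays alone:", sorted(clusters["0xc2"]))
```

The fan-out threshold is the knob that separates a farmer's funding hub from a person topping up one friend; the deposit-address rule needs a curated list of exchange deposit addresses, which is exactly the data-collection pain point mentioned earlier in the thread. Flagged clusters are review candidates, not verdicts.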

Since it’s easy to backdoor KYC, it’s not that effective; reward users based on their community activities, but what about other users around the world who speak different languages? We have to include them too.

IP detection is meaningless, because gas costs up to 30u but the maximum IP cost is only 10u.

Actually, I think it’s better to ban witches than to guide them.
Witches are not necessarily all harmful.
Witches can actually contribute a lot to the liquidity of swaps and NFTs.
If multiple rounds of airdrops are used to motivate witches to stay on the Stark network, they will continue to interact and provide liquidity on the network, which is actually a good thing for the ecosystem and users.

As of now, complicated tasks can push Sybils back; see Linea’s 9 weeks of activity.
Anyway, raising the cost per wallet for a single user could easily set a gate to screen Sybils, because it has no effect on normal users.