Sybil Report (656 addresses-with network analysis diagram ) #556
Open cryptoamy opened this issue Aug 31, 2023 · 0 comments
Comments
cryptoamy commented Aug 31, 2023
https://webcache.googleusercontent.com/search?q=cache:ljEUrHx2U9MJ:https://github.com/connext/community-sybil-reports/issues/556&cd=13&hl=ru&ct=clnk&gl=ru
Related Addresses
There are a total of 656 addresses, details can be found in the attached file: final_sybil_address.csv
final_sybil_address.csv
Reasoning
The CSV data provided exhibits distinct token aggregation behavior in wallets.
1.When multiple wallets aggregate tokens through Umbra to a single address, this is considered Sybil behavior.
2.A threshold of 5 is adopted here, which means that if 5 or more wallets aggregate tokens to the same address through Umbra, these wallets are regarded as engaging in a Sybil attack.
Methodology
1.Decode all logs generated by Umbra throughout its history (including on Optimism, Arbitrum, Polygon, and Ethereum). Identify all initiating addresses, intermediary addresses, and final receiving addresses involved in anonymous transfers facilitated by Umbra.
2.Associate this information with the allocations.csv file. Identify all wallet addresses in the allocations.csv file that have utilized Umbra for transactions.
3.Conduct network analysis on all Umbra event logs associated with these wallet addresses. Identify instances where more than five addresses have aggregated tokens to the same receiving address.
The network analysis diagram for token aggregation through Umbra is as follows.
The red dots represent addresses from the allocations.csv file (which are also initiators of Umbra transfers), while the black dots represent addresses where tokens are ultimately aggregated after being processed through Umbra.
By downloading the sybil_graph.html file and opening it in a web browser, you can view the interactive version.
You can select specific areas, zoom in to examine details, and then follow with some zoomed-in details.
sybil_graph.html.zip
Example Zoom 1
