WHAT IS A SYBIL ATTACK?
A Sybil attack is when an attacker creates multiple fake identities, or wallet addresses, to manipulate a network or protocol. This can be done for a variety of reasons, such as to gain an unfair advantage, or to disrupt the normal functioning of a system. A Sybil attacker uses their fake identities to gain influence over the network which can have serious consequences such as unfair distribution of rewards.
Sybil attacks are widespread in DeFi particularly for:
- Airdrops
- Bounty Campaigns
- Community competitions
- Whitelistings & Token Generation Events
- Voting systems
HOW DOES SYBIL PROTOCOL WORK?
SybilDAO solves the problem of mass sybil attacks in DeFi in a streamlined way that is simple for blockchain developers to implement and has a great UX for end users.
From a end-user perspective they will go from the clients dApp/Platform via a link which opens in a new tab to https://sybilDAO.com/#verify
This frontend web page uses a number of anti-fraud protections to prevent sybil attacks and bot authentications. These include the following:-
- Cloudflare BOT protection
- VPN/ToR/Botnet blacklists
- Client side analysis
- Transactional cost + gas fee
- IP Restrictions
- hCaptcha integration
- ML Risk Analysis (TBC)
Once the captcha has been completed the frontend provides a one time authorization code to the clients web browser. This authorization code is part of a zero knowledge proof within our smart contract
The user can then sign a transaction which charges a small fee + transaction cost in the native currency for that chain. This will pass the authorization code (ZK–Proof) to the smart contract which registers the wallet address as a permanently verified address.
HOW TO INTEGRATE?
SMART CONTRACTS
3rd party DeFi protocols can look up on-chain verified addresses from within their smart contract and get a true/false boolean response. Here is a simple smart contract interface to check if a wallet address has been verified.
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;
interface ISybil {
function check(address) external view returns (bool);
}
contract SybilDeveloperExample {
address constant sybil = 0x7927BEa1eA84614DCeAECa1710cea8a7DeAa1d25;
function test(address _address) external view returns (bool) {
require(ISybil(sybil).check(_address),"Visit: https://sybildao.com/#verify");
return true;
}
}
There are more example integrations including ERC20 and ERC721 tokens here: contracts/examples
WEB3 FRONTENDS
There are two options to get users to verify prior to carrying out a function that requires Sybil Protocol protection.
The first option is to direct them to a simple link, this can be given out over social media or linked to from a frontend application: https://sybildao.com/#verify
The second option is to embed the iframe widget directly into your dApp or website.
<iframe width="320" height="500" src="https://sybildao.com/embed.html" title="SybilDAO DeFi Defender" frameBorder="0" scrolling="no" marginwidth="0" marginheight="0" hspace="0" vspace="0"></iframe>This code renders a 320px x 500px iframe like the one below
PARTNERS
Whitelisted addresses are immutable and verifiable from any smart contract, these can be used across various DeFi partner promotions and campaigns.
SybilDAO adds value through exposure to our community. Once someone is verified they are part of the Sybil Network and can participate in any SybilDAO partner promotions without reverifying. There is potential for SybilDAO to build a large audience which will hold value in itself.
Partners are provided promotional exposure via:-
- Partnership and promotion announcements on website
- Social media channels - Twitter & Discord primarily
- Video content on YouTube, TikTok & Instagram
SybilDAO can also offer pre-built promotional campaigns such as sybil attack resistant NFT drops where a partner just needs to provide an image for the NFT.
By partnering with SybilDAO, DeFi teams get a win/win situation where we can grow our communities together through a valuable service that protects against bot networks.
BizDev team can outreach to DeFi founders to sell cross-promotional activities even if their core protocol has no requirement for sybil resistance. This provides a large potential customer base with an optimizable sales funnel.
✤ THE SYB TOKEN
SYB is the governance token for the SybilDAO. The draft tokenomics are as follows:-
| Initial supply | 100,000,000 SYB |
| Max supply | 150,000,000 SYB |
The initial distribution is as follows:-
| Treasury (Locked) | 50,000,000 SYB |
| Public Sale | 20,000,000 SYB |
| Team | 10,000,000 SYB |
| Liquidity | 10,000,000 SYB |
| Partners | 5,000,000 SYB |
| User Airdrop | 5,000,000 SYB |
The remaining 50,000,000 SYB vested:-
| Private round | 20,000,000 SYB |
| Founders | 20,000,000 SYB |
| Team | 10,000,000 SYB |
Private funding round will be via SAFT and then distributed according to vesting period.
When a user completes the transaction to verify their wallet a fee is added to the transaction/gas. 100% of fees generated by the protocol are distributed back to stakers of the SYB token on Ethereum mainnet. Fees from layer 2's are bridged back and added to the pool on mainnet. Fee revenues for staked SYB are claimable in ETH #RealYield
The treasury fund allocation of SYB tokens is in a restricted wallet that can never be sold or transferred. This guarantees that a minimum of 50% of the fees initially and 33% after the vesting period will always go to the treasury to ensure continued financing for the project.
In due course the Sybil Protocol will reach a tipping point where it becomes the default tool for preventing sybil attacks in DeFi.
AIRDROP
CLAIM YOUR SYB ALLOCATION
Note this is an Ethereum Goerli Testnet airdrop (instructions here) but...
Spoiler Alert we may be doing something for our early adopter community on mainnet in due course.
Follow us on Twitter & join the Discord community to ensure eligibility.
To receive your airdrop you need to first verify your wallet here: https://sybildao.com/#verify
The SybAirdrop smart contracts are a good example of how to integrate the Sybil Protocol.
BOUNTY FOR BOTS
We need training data for our machine learning algorithms.
If you can break our bot protection systems to gain 100,000 SYB tokens we will award a bounty subject to the following terms:
- BOUNTY - $100 Payable in ETH on Ethereum mainnet
- Requirements:
- One bounty per person/botnet, system is yet to be broken so we wont pay out 10 bounties in the same week
- You share the code for the bot so we can reverse engineer it to improve our systems
- Bot code does not rely on 3rd party services like scrapingant/anticaptcha
- No damage is done to the system or user experience, go slow and don't DDoS the platform
- Inclusion in the hall of fame is optional, let us know if you want a social media account on there
- Contact the team via discord/twitter and we will get back to you ASAP
Hall of Fame
To date 2 attackers have broken our bot protection systems to claim the bounty
| Date | User/Anon | Details |
|---|---|---|
| 2022-12-19 | 0x457f... | Bounty paid 0.255 ETH ($300 USD) attacker managed to gain around 50k SYB tokens in 48hrs, bypassed Cloudflare and hCaptcha protection, submitted the code for the bot and has been very helpful. Thank you |
| 2022-12-24 | 0x8809... | Bounty paid 0.25 ($300 USD) attacker gained 100k SYB tokens, submitted the code for a python based bot. Thank you |
CONNECT WITH SYBILDAO
Twitter: https://twitter.com/SybDAO
Discord: https://discord.gg/fqRBs7p5fr
Medium: https://medium.com/@SybilDAO
Newsletter: https://sybildao.substack.com
Github: https://github.com/0xD185/SybilDAO