
The limits of Sybil defense (and how composability might help)

Publisher
jmc
September 20
Do Androids Dream of Electric Sheep tells the story of a detective tasked with eliminating humanoid "replicants" that are almost indistinguishable from natural humans. They do this using a system of tests, including an instrumented interview that looks for subtle "tells" such as a limited ability to make complex moral judgments in hypothetical scenarios. Sybil defenders are similarly tasked with distinguishing real and virtual humans in a mixed population where they are difficult to tell apart. They too look for subtle "tells" that give Sybils away. Sometimes the Sybil signals are obvious and unambiguous, sometimes they are not. The additional complication for Sybil hunters is that the entire population exists in a digital space where a human's physical existence cannot be proven by their presence - it can only be demonstrated using forgeable proxies. Reliably linking actions to identities is therefore a subtle science that pieces together multiple lines of evidence to build a personhood profile.

Scaling Gitcoin grant reviews

Publisher
jmc
September 08
Right now grants are reviewed by a small set of highly trusted individuals within Gitcoin who have built knowledge and mutual trust through experience and discussion. This optimizes for accuracy but at the cost of centralization, high cost and low resilience to reviewers getting hit by buses, and the low limit on the number of individuals meeting some trust threshold is a blocker on this model scaling to large numbers of grants. The challenge is to build a protocol that allows grant reviewing at scale to be very fast, very cheap and very accurate. Achieving any two of these is easy (to be cheap and fast, automate completely; to be accurate and fast, pay high fees to trusted reviewers; to be cheap and accurate, allow well paid trusted reviewers to work slowly) but optimizing across all three requires more sophisticated protocol engineering.

Decentralizing Sybil defense using Gitcoin data

Publisher
jmc
September 07
It seems like almost every non-DeFi project, from DAOs to gaming and from airdrops to the support for public goods provided by Gitcoin and others, relies on some notion of identity in its decision making. And yet - all too often such systems are attacked by actors seeking to amplify their votes, game the games, farm the airdrops, and even divert public goods funding to their own projects. Such attacks, which rely on the impersonation of thousands of seemingly independent identities that are actually orchestrated as one, are called Sybil attacks, and they are a growing threat across many sectors of web3. This is because fungible tokens can easily be divided across multiple wallets - a strategy that can enable one individual to divide into multiple virtual personas that each have some voting power. If the cost to create a new persona is lower than the reward that new persona can generate, users are incentivized to divide themselves. The ability to mount Sybil attacks undermines the one-person one-vote model that many projects would ideally implement.

Closing the gap between Retroactive Sybil defense and Gitcoin passport

Publisher
jmc
September 07
Gitcoin aims to optimize capital allocation within a grants round (GR), primarily by preventing capital capture by Sybils. There are currently two independent systems in place for this that run in parallel. First, a multiplier ("Trust Score") is assigned to an individual's donation depending on their non-Sybil traits - the more likely they are to be a real human the more their donation is multiplied in the matching pool. This Trust Score is derived from evidence of personhood that a user collects in their Gitcoin Passport (GP). The other way is Sybil Account Detection (SAD) where accounts that are identified as potential Sybils by a human-in-the-loop machine-learning pipeline are "squelched" - i.e. ejected from the GR. As we move towards Grant 2.0 there is a need to optimize these processes and pivot towards a more composable Sybil defense system that can be tuned by individual grant owners to their own community's needs.

Ropsten merge-testing with GethStar

Publisher
jmc
May 30
The Ropsten merge is a significant milestone in Ethereum’s progress towards moving to proof-of-stake. It is the first pre-existing public testnet to be merged, making it an important test-case for merging Mainnet. It has already been entertaining because a naughty miner deployed a lot of hashpower to the network and brought the merge date suddenly much closer - so close that the merge date passed before a Ropsten Beacon Chain even existed. The client teams quickly posted fixes that pushed the trigger for the merge (TTD - terminal total difficulty) into the far future. Nodes that were synced to Ropsten halted because there was no Beacon Chain yet to take over the consensus and block gossip responsibility, but those functions were switched off in Geth.

Fighting Simple Sybils: Levenshtein Distance

Publisher
jmc
May 19
Quadratic funding - the mechanism that currently determines the value of Gitcoin grant funding - is inherently vulnerable to Sybil attacks. Sybil attacks are individual humans dividing themselves into multiple “virtual humans” in order to gain additional voting weight. In traditional banking and voting systems, Sybil resistance comes from “KYC” (know-your-customer) which links personal identifying information to some action. In Web3, “KYC” is generally minimized because it undermines the core ethos of censorship resistance and permissionlessness. This means other methods are required to identify which participants in a grant round are real individual humans, and which are not.

FDD: Gitcoin DAO's Trust Function

Publisher
jmc
May 17
Across 13 rounds, Gitcoin has given almost $60 million to public goods. Projects that demonstrably create positive externalities bid for portions of the total funding pool. Like any substantial pool of money, Gitcoin grants attract diverse attacks from bad actors aiming to divert a portion of that money away from public goods and into their own wallets. The role of Gitcoin's Fraud Detection and Defense (FDD) squad is to protect the Gitcoin community - a diverse group that includes users, $GTC holders, grant recipients, donors and stakeholders in funded projects - from these attacks. From FDD emerges a protective layer that filters out attackers, enables partnerships with people and projects that have genuinely good intentions and delivers a trustworthy set of grant decisions. In doing so, FDD minimizes financial spillage to dishonesty and incompetence and thereby maximizes the public goods that can be supported by a given pool of funds. This article explores the various components of FDD and explains how they operate together to form a community "trust function" that protects public goods.

Ethereum PoS Attack and Defense

Publisher
jmc
April 15
Overview of known attack vectors on Ethereum and how they are defended

Gitcoin FDD squad onboarding

Publisher
jmc
April 04
People make or break DAOs so onboarding good people is critical. However, it is also notoriously difficult to get onboarding right, and not only for DAOs - onboarding challenges cost businesses millions every year and there is a growing recognition that organizations with strong onboarding protocols outperform those with a "sink or swim" approach. Onboarding is where organizations and contributors make their first impressions on each other, set expectations and establish the tone of their new relationship. Getting this wrong has substantial costs in terms of reputation, time, morale, money and opportunity costs when potentially great contributors decide to go elsewhere.