RGP-6 Forensic Accounting of Airdrop Sybil Attack

It is of concern that some wallets linked to VCs who had funded Ribbon had intentionally chosen to make multiple small (0.1 ETH) deposits to Ribbon only a few weeks before Ribbon announced details of its airdrop program:

we applied a transformation on the distribution that favored smaller depositors

This proposal asks for management resources and budget to hire a firm experienced with blockchain tracing and forensics to report on

  1. the earliest date a large entity started airdrop farming from wallets masquerading as “smaller depositors”

  2. whether all gains linked to wallets controlled by VCs who had funded the protocol have been accounted for and returned to the DAO as promised

  3. a summary containing the wallet addresses and relevant transactions of other entities who engaged in similar attacks on the Ribbon airdrop system

This investigation and report by a trustworthy third party using public blockchain records can add value to Ribbon by reassuring the community that all profits wrongfully earned have been disgorged. It appears that there are funds which have not been voluntarily returned and the publicity surrounding the forensic audit may lead to further voluntary disgorgements which would benefit the DAO.

There is a side benefit to the crypto community in allocating resources for a forensic investigation of the public ledger to deter future abuse.

(1) https://twitter.com/ribbonfinance/status/1397919630631444495
(2) Ethereum Transaction Hash (Txhash) Details | Etherscan (example airdrop farming transaction pre-dating the public announcement)
(3) 0xSisyphus (Twitter) cited Ethereum EOA 0x85D25644526693897a3417fe149639E4422DC44B as one of many examples of a possible beneficiary of the airdrop attack who has not disgorged funds to the DAO

If we are paying someone to investigate this further, then we should also find a way to reward the original person who investigated this (for free).


Some info from the team:

Action 3

On top of that, to quell fears that our investors are depositing based on inside information, we have compiled a list of 137 addresses that have deposited after the investor email.

We will be sending an internal email to our investors to return all RBN airdrops received to the Ribbon DAO Treasury if they were depositors between May 17 4pm UTC and May 22 12am UTC. Although it will be difficult/impossible to prove ownership, we believe that the chain analytics ninjas will figure out if there is more malicious airdrop farming.

No explicit rewards for further investigation, but more info revealed.