Sybil resistance

The need for Sybil protection

“In a Sybil attack, the attacker subverts the reputation system of a network service by creating a large number of pseudonymous identities and uses them to gain a disproportionately large influence.” - Wikipedia

Crypto projects are particularly susceptible to Sybil attacks since they are usually permissionless and allow an anonymous set of users to participate. Recently, there have been two broadly discussed Sybil attacks on airdrops that exemplify a larger problem. In both cases, Ribbon Finance and Ampleforth, insiders either exploited non-disclosed information or gamed core metrics in expectation of a later airdrop.

The just discussed events related to Ribbon Finance and Ampleforth are good examples of financial Sybil attacks, where the purpose was to obtain financial gains. However, it might be just a matter of time until we see governance Sybil attacks with the goal of affecting or entirely taking over governance of decentralized projects. Hence, governance from anonymous users requires particular attention - the goal must be to avoid that a small number of skilled actors exploit and abuse a mechanism that is ultimately attempting to provide users with long-term incentives and a pro-rata voice (based on their activity) in the development of the product they use.

Anti-Sybil mechanisms attempt to solve the problem of Sybil attacks (including financial and governance ones). Unfortunately, no single mechanism has yet emerged as best in class. Instead, most projects that attempt to harden their project against Sybil attacks employ a number of different mechanisms.

Sybil resistance must also be of utmost importance to Gyroscope. Gyroscope is fully decentralized from the very beginning, which especially in the earliest phases (e.g., voting through frog NFTs) might expose the system to governance Sybil attacks. This document provides some context on the need for anti-Sybil mechanisms and intends to accelerate the discussion on how to harden Gyroscope against Sybil attacks.

Stocktaking of general Sybil resistance mechanisms

| | Description | Example | Service provider required? | Sybil resistance | Suitability for any future AML/KYC compliance | Effort req / anon. infringement |
|---|---|---|---|---|---|---|
| Existing, best-in class solutions | Link address to Twitter account | Sybil | 0 | 1/3 | 0/3 | 1/3 |
| Existing, best-in class solutions | Use addresses with relevant history, e.g. snapshot votes | Yearn, BadgerDAO, Sushi, Balancer, YAM | 0 | 1/3 | 1/3 | 0/3 |
| New, specific solutions | Link addresses to social data from level 2.5 | n/a | 0 | 2/3 | 0/3 | 1/3 |
| Other solutions | Traditional KYC: Passport or other government issued document | Civic, Veriff, Synap, … | 1 | 3/3 | 3/3 | 3/3 |
| Other solutions | Use ID derivative: phone number | Twilio, others | 1 | 3/3 | 1/3 | 2/3 |
| Other solutions | Digital ID | brightID, ProofOfHumanity | 0 | 2/3 | 0/3 | 0/3 |
| Other solutions | Proof of personhood | Idena | 0 | 3/3 | 0/3 | 0/3 |
| Other solutions | Account history | Know-your-transaction & similar analysis | 1 | 2/3 | 2/3 | 0/3 |

Additional information: general overview of traditional service providers

| Service providers | Link | Integrations | Outreach |
|---|---|---|---|
| Chainalysis | link | Tether, Circle | tbd |
| Coinfirm | link | Circle, Binance, Cardano | tbd |
| Coral | link | Circle | tbd |
| Elliptic | link | Circle | tbd |
| Nansen | link | misc | tbd |

wow ! :grinning: i really liked gyro finance platform


:muscle: :muscle: :muscle: :muscle: go on gyro. i trust ur project badly


While the traditional ID KYC might be the most effective mechanism, it doesn’t really fly for users who embrace the crypto ethos of decentralisation and anonymity. The most likely approach to tackle Sybil is a combination of the above stated mechanisms.


i trust ur project badly, i really liked gyro finance platform!


nice work, thanks u guys deep into the small area


I agree Sybil resistance is an important subject.
I like some of the solutions you mentioned except the ones that require ID or passport, because a lot of people don't like doing those KYC, even if they are from serious projects.
Probably to the frog NFT add people who got to the forum (this level 3 thing the team made) and then those who voted on the ongoing governance.


Traditional ID KYC is bad because there are problems about privacy.
We should use new KYC methods based on web3 to balance privacy and authenticity.


Personally, I prefer not to provide my ID or passport. I have bad experience from the past… :neutral_face:


RBN was a complete shitshow, I am glad you are working to address this matter


Hey guys, I’m part of the Ribbon community and I asked the founders what they would do differently, and they said they would reward linearly based on $ contributed; could also look at excluding addresses that got funded by one of the multi send websites.
Also I watched a YouTube video with Lewis hosting it and it sounds like he’s not a fan of transactions being open to the public; if this was the case the Ribbon sybil would never have been discovered.
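The two ideas in the comment above (pro-rata rewards and excluding multi-send-funded addresses) sketched as an added example; it is not part of the comment or any project's code. All address labels, funder lists and amounts are constructed, and the cluster-review threshold and exchange allowlist go beyond what the comment proposes.

```python
from collections import defaultdict

# Constructed sample data: labels stand in for addresses, none are real.
MULTISEND = {"multisend_1"}    # assumed list of known multi-send contracts
EXCHANGES = {"exchange_hot"}   # assumed allowlist: a shared funder is expected here
FIRST_FUNDER = {               # address -> source of its first inbound transfer
    "a1": "multisend_1", "a2": "multisend_1", "a3": "multisend_1",
    "b1": "whale", "b2": "whale", "b3": "whale", "b4": "whale",
    "c1": "exchange_hot", "c2": "exchange_hot", "d1": "friend",
}
CONTRIBUTED_USD = {"a1": 100, "a2": 100, "a3": 100, "b1": 250, "b2": 250,
                   "b3": 250, "b4": 250, "c1": 1000, "c2": 400, "d1": 600}


def classify(first_funder, multisend, exchanges, cluster_limit=3):
    """Return (excluded, review): multi-send funded addresses are excluded;
    larger clusters sharing one non-exchange funder are flagged for review."""
    clusters = defaultdict(set)
    for addr, funder in first_funder.items():
        clusters[funder].add(addr)
    excluded, review = set(), set()
    for funder, addrs in clusters.items():
        if funder in multisend:
            excluded |= addrs
        elif funder not in exchanges and len(addrs) > cluster_limit:
            review |= addrs
    return excluded, review


def linear_rewards(contributed, pool, excluded=frozenset()):
    """Split `pool` pro rata to USD contributed among non-excluded addresses."""
    eligible = {a: usd for a, usd in contributed.items() if a not in excluded}
    total = sum(eligible.values())
    return {a: pool * usd / total for a, usd in eligible.items()}


if __name__ == "__main__":
    excluded, review = classify(FIRST_FUNDER, MULTISEND, EXCHANGES)
    rewards = linear_rewards(CONTRIBUTED_USD, pool=3000, excluded=excluded)
    print("excluded:", sorted(excluded))
    print("review:", sorted(review))
    for addr, amount in sorted(rewards.items()):
        print(addr, round(amount, 2))
```

With linear rewards the four "whale"-funded addresses together receive exactly what one address contributing the same total would, so splitting funds across wallets gains nothing even before any exclusion is applied.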


Came across this project today, sort of like a LinkedIn but for crypto


Probably the best option is this one, not a fan of traditional KYC tbh.


My opinion: ‘Traditional KYC’ is not ok.
Other solutions maybe Digital ID or WEB3.


Great project, I hope to be a useful member for this great community.


I don’t fully understand what the conclusion of this is?


Traditional KYC is not a good solution. Anyways… love Gyro and would love to see the next phases of the project.


With power. Step by step :muscle: :muscle:


Everything seems great. About KYC, I think it is not a good filter. With respect, but hey! You guys are genius :100:


I hope we stop seeing such things