Request for Bounty: GitCoin Round 20

Due to time constraints in today’s EcoSystem WG meeting I am posting the following & request for bounty.

GitCoin

GitCoin has built-in tools (e.g. GitCoin Passport), but there are two shortcomings with the existing toolsets: 1) they operate behind the scenes in sort of a black box; and 2) the tools are for after the close of the round before matching funds are released and calculated (however, by then the damage is done).

  1. This is easy to solve by making the results of the process more transparent. For example, with the release of funds disclose the tool/tools that were used and the results of running the tools for the round.

  2. One of the purposes of quadratic funding is social signaling. In practice this doesn’t just apply to the matching funds, but the social signaling has an active role during the round - a project with a significant number of donors receives more attention during the round, resulting in even more donors.

GG20 ENS

We saw firsthand in the GG20 ENS round a possible Sybil attack/airdrop farming - where ENS had a total of 7,576 donors, the grantee had 6,000 donors within the 1st 48 hours of the round. I spoke with multiple grantees who were aware and bothered, but for a number of reasons preferred to remain silent rather than speak up. I’ll summarize the reason as follows: there is more incentive to remain silent about a potential Sybil/airdrop farming than to speak up.

Nevertheless, I took it upon myself to reach out to GitCoin and within 24 hours they investigated and removed the grantee from the ENS round. In effect, my actions possibly resulted in an additional $10,000 of matching funds being available to the ENS grantees. While it is possible the existing tools may have discovered this, it wouldn’t have shifted the social signaling from the potential attack/airdrop farming to the rule-abiding projects during the round.

Conclusion & Request for Bounty

Following discussions with other grantees who knew of the grantee but felt more benefit in staying quiet rather than speaking up, it is my opinion there needs to be an incentive for the community to speak up when there are potential Sybils/airdrop farming taking place.

The existing tool(s) demonstrate the DAO’s & GitCoin’s commitment to uncovering Sybils/airdrop farming, but there is a shortcoming where they are limited to after the fact, allowing potential attackers to capitalize on the social signaling during the round, taking away attention and opportunity from the other projects.

As a supplemental tool to identify, fight & deter future Sybil attacks or airdrop farming, I am requesting a bounty for discovering & disclosing the issue on the GG20 ENS round, and moving forward a bounty for the grantees, and potentially the community, for identifying/disclosing potential Sybils/airdrop farming during the round, protecting DAO matching funds, and preserving the legitimacy of the social signaling during the GitCoin round itself.

5 Likes

Thank you ENSPunks! I know there are a few people who have had the same or similar questions about how everything works. Sybil attacks are difficult, since it can be a cat-and-mouse game, and some discretion may be required for teams-people working behind the scenes (to maintain the lead against attackers in the Sybil attacks).

I am not sure of all the details of what has-and-hasn’t happened with recent/past Sybil attacks, or the nuances of the people, processes, of the infrastructure, but whenever possible, transparency is great. Ensuring the integrity and fairness of our funding rounds is essential for the long-term success of both ENS and GitCoin communities.

All Sybil attacks, including during the GG20 ENS round, underscore the need for more transparent and timely detection methods. ENSPunks’ efforts in identifying and addressing the attack have highlighted an area where we might be able to improve, but there are usually counter-considerations, too.

To build on this, I wonder about the following possibilities to bridge our efforts with the wider community of builders, donors, and admin teams:

  1. Exploring Transparency Enhancements: Can we explore ways to make the process and results of our anti-Sybil tools more transparent? (For example, may we consider disclosing the tools used and their results when releasing funds, which may build greater trust and accountability?)
  2. Incentivizing Community Vigilance: Could we consider introducing a bounty system, for identifying and disclosing Sybil attacks, during the funding rounds, which could protect our matching funds and ensure legitimate social signaling? (This might encourage more community members to actively participate in safeguarding our ecosystem.)
  3. Fostering Collaborative Efforts: Should we invite more community members and builders to join the discussion and take action with potential improvements to our anti-Sybil process? (More insights and expertise are invaluable in developing effective solutions… Collaboration and “community understanding” could help us create a more robust and resilient system.)

This latest GitCoin funding round has been the best one yet! We are building a transparent, fair, and resilient future for the ENS and GitCoin community!

Together, we can strengthen the community understanding, user-donor participation, and integrity of our funding rounds; and continue to support innovative projects that drive the Web3 ecosystem forward!

3 Likes

Hey :wave:

I’m head of the grant program at Gitcoin. I wanted to respond here with some information to clarify a few things.

We appreciate your identifying and addressing the potential Sybil attack during the GG20 ENS round. Your concerns about the impact of Sybil attacks on social signaling and the allocation of matching funds are valid and important.

Regarding the case of the Layer3 project, we can confirm that while there was some unusual activity, it is not entirely clear whether this constituted a deliberate Sybil attack to claim matching funds or if it resulted from their users engaging in potential airdrop/quest farming. We did investigate the matter, and the project ultimately chose to remove itself from the round after a conversation with the ENS Round Operator @Limes.

We agree that transparency is crucial in maintaining the integrity of all funding rounds. For the Gitcoin-operated OSS rounds, we release not only the results but also the code used for calculations and the input data, which are available in our GG20 forum post and via API/RegenData. The same information is also available for the ENS round. You can find the code and input data through a query here.

Your suggestions for improving the process are valuable:

  1. Displaying data post-Sybil filtering during the round to mitigate the distortion of social signaling caused by Sybils.
  2. Implementing a bounty or incentive system for successful Sybil identifications in future rounds, similar to what was intended with GTC staking v2. We have a Google Form where anyone can submit suspicious wallets for review. We may also create a financial incentive for valid sybil identifications while being mindful of potential gaming attempts.

We encourage you to apply for the Citizens Retro Round 4 to discuss these ideas and potential solutions further. Collaboration with the community is essential in developing a more robust and resilient system to safeguard our ecosystem.

Once again, thank you for your vigilance and commitment to ensuring fair and transparent funding rounds.

2 Likes

Thank you for the thoughtful reply, acknowledgment & encouragement. I hadn’t previously known about GitCoin Citizens, it looks like a significant amount of community-led innovations, glad you linked it.

I edited my post to reflect the additional information provided, it’s a valuable lesson on being more careful and thoughtful myself with my own verbiage.

To confirm I did DM the GitCoin Twitter account, received an immediate response, was provided the same Google Form you linked in your comment, I submitted the same, and in turn it was investigated promptly. The transparency & timeliness in communication speaks volumes.

3 Likes

Great, thanks! Appreciate the reply and your interest. Feel free to reach out anytime and we hope to see you in future rounds!

2 Likes