“In a Sybil attack, the attacker subverts the reputation system of a network service by creating a large number of pseudonymous identities and uses them to gain a disproportionately large influence.” - Wikipedia
Crypto projects are particularly susceptible to Sybil attacks since they are usually permissionless and allow an anonymous set of users to participate. Recently, there have been two broadly discussed Sybill attacks on airdrops that exemplify a larger problem. In both cases, Ribbon Finance and Ampleforth, insiders either exploited non-disclosed information or gamed core metrics in expectation of a later airdrop.
The just discussed events related to Ribbon Finance and Ampleforth are good examples of financial Sybil attacks, where the purpose was to obtain financial gains. However, it might be just a matter of time until we see governance Sybil attacks with the goal of affecting or entirely taking over governance of decentralized projects. Hence, governance from anonymous users requires particular attention - the goal must be to avoid that a small number of skilled actors exploit and abuse a mechanism that is ultimately attempting to provide users with long-term incentives and a pro-rata voice (based on their activity) in the development of the product they use.
Anti-Sybil mechanisms attempt to solve the problem of Sybil attacks (including financial and governance ones). Unfortunately, no single mechanism has yet emerged as best in class. Instead, most projects that attempt to harden their project against Sybil attacks employ a number of different mechanisms.
Sybil resistance must also be of utmost importance to Gyroscope. Gyroscope is fully decentralized from the very beginning, which especially in the earliest phases (e.g., voting through frog NFTs) might expose the system to governance Sybil attacks. This document provides some context on the need for anti-Sybil mechanisms and intends to accelerate the discussion on how to harden Gyroscope against Sybil attacks.
|Description||Example||Service provider required?||Sybil resistance||Suitability for any future AML/ KYC compliance||Effort req / anon. infringement|
|Existing, best-in class solutions||Link address to Twitter account||Sybil||0||1/3||0/3||1/3|
|Existing, best-in class solutions||Use addresses with relevant history, e.g. snapshot votes||Yearn, BadgerDAO, Sushi, Balancer, YAM||0||1/3||1/3||0/3|
|New, specific solutions||Link addresses to social data from level 2.5||n/a||0||2/3||0/3||1/3|
|Other solutions||Traditional KYC: Passport or other government issued document||Civic, Veriff, Synap, …||1||3/3||3/3||3/3|
|Other solutions||Use ID derivative: phone number||Twilio, others||1||3/3||1/3||2/3|
|Other solutions||Digital ID||brightID, ProofOfHumanity||0||2/3||0/3||0/3|
|Other solutions||Proof of personhood||Idena||0||3/3||0/3||0/3|
|Other solutions||Account history||Know - your - transaction & similar analysis||1||2/3||2/3||0/3|