As a Web3 developer, have you been troubled by sybil attacks? As a Web3 user, have you been annoyed by sybil attacks? Let's take a look at a solution on AO — the Vouch system.
Author: txohyeah
Translator: txohyeah
Reviewer: Kyle
Source: Content Guild Translation
What is a sybil attack?
A Sybil attack is a type of network attack in which an attacker creates multiple fake identities to manipulate or control a system. The term originates from the real-life case of Sybil Dorsett, who was diagnosed with dissociative identity disorder (formerly known as multiple personality disorder). This term has been adopted in the field of cybersecurity to describe the behavior of attackers creating multiple false identities to carry out their attacks.
Preventing Sybil attacks is a constant challenge in the Web3 space. To prevent such attacks, network systems typically counter these attacks by implementing methods, such as using Proof of Work (PoW), Proof of Stake (PoS), and other mechanisms to increase the cost of attacks, or employing techniques like message graph analysis and centralized identity verification to identify and isolate false identities.
To further enhance defenses, we introduce the Vouch system, which combines various methods to build a comprehensive defense against Sybil attacks.
What is the Vouch system?
The Vouch system is a reputation evaluation system built on AO. It calculates a unique vouch score for each user by comprehensively analyzing various data points about the user. This score not only reflects the user's activity and credibility within the AO ecosystem but also serves as a key metric for measuring the user's authenticity. Applications on AO can use this score to effectively distinguish genuine users, thereby optimizing user experience and enhancing platform security. Additionally, the vouch score can play a role in authorizing important operations. for example, when distributing user rewards, those with higher vouch scores may be given priority or additional rewards. This approach not only incentivizes positive user behavior but also promotes the development of a healthy and harmonious online environment.
Currently, the entry point for the Vouch system is: https://vouch-portal.arweave.net/
It provides a quick calculation method for two major platforms: Llama Land and Permaverse. This allows users to calculate how many vouch points their account currently has, how many points are provided by each source, and the total number of points required to participate in certain activities on the platforms. While other applications do not offer a quick calculation method, they can still use vouch scores for user verification. Later, we will provide an introduction using "Llama Media" as an example.
Four Vouch Methods
1. Vouch X
Users can verify their identity via Twitter, which includes certain requirements for the Twitter account, such as the account registration date. Of course, a single Twitter account can only be used to obtain vouch points once.
2. Vouch Gitcoin Passport
Gitcoin Passport is a digital identity verification system developed by Gitcoin, designed to provide blockchain projects and decentralized applications (DApps) with a more secure and transparent way to verify user identities while protecting personal privacy. By verifying a Gitcoin Passport, users can also earn vouch points. Similarly, a single Gitcoin Passport can only be used to obtain vouch points once.
3. Vouch AO Balance
Currently, the AO token remains non-transferable, so users can earn vouch points by verifying their AO balance, and the vouch points earned from AO balance are quite substantial.
4. Vouch wAR Stack
The last method is staking wAR. The Vouch system calculates vouch points based on the duration of the wAR stake and the current price of AR.
System Architecture
As shown in the architecture diagram below:
- The core manager of the Vouch system is an AO process named VouchDao. It primarily handles caching vouch records and querying vouch records.
- In the vouch records, the total vouch score and the vouch scores obtained from different sources are included.
- Vouch X, Vouch Gitcoin Passport, and Vouch AO Balance are all front-end Permaweb applications that implement the methods for calculating scores and sending records to the VouchDao process.
- The Vouch wAR Stake method is more complex. It not only includes a front-end application but also multiple AO processes. The Vouch Custody process is responsible for calculating vouch scores and sending records to the VouchDao process. Additionally, each time wAR is staked, the Custody Creator process manages the process and creates a staking process for each staking user.
- The Vouch system can be extended in the future to incorporate new anti-sybil attack methods, making it highly scalable.
Applications on Llama Land
Someone once said that projects that haven't been attacked are projects that can't withstand the storm. The Llama Land project has also been engaged in a battle of wits against bot armies! From the initial whitelist queueing to the daily manual account bans, the developers of Llama Land have spent a great deal of effort. Thus, the Vouch system was born.
Currently, in Llama Land, users need to first become Llama Citizens to claim daily login rewards and petition the Llama King. However, users who have not become Llama Citizens can still move around in Llama Land. To become a Llama Citizen, users must complete a vouch score verification with the Citizenship Administrator, requiring a score greater than 5. Upon becoming a Llama Citizen for the first time, users receive 25 Llama Tokens as starting capital.
Vouch System Application Demo
Next, I will illustrate how to use the Vouch system for verification in your own application using Llama Media as an example. Llama Media is a media company built on the Llama Land platform, where part of the revenue from advertisements can be shared with users who click on the ads. Imagine if there were no defenses against sybil attacks; the bots would quickly claim all the advertising rewards. This would harm the advertisers' interests and prevent real users from receiving their share of the ad revenue. Therefore, the following code has been added to the reward claiming function of the Llama Media NPC (Non-Player Character):
The main verification comes from the GetVouchScoreUsd(msg.From) function, which retrieves the user's vouch score. If the vouch score is less than 2, the user is prompted to complete the vouch verification first. Let's take a closer look at the content of the function, as shown in the following code. The ID ZTTO02BL2P-lseTLUgiIPD9d0CF1sc4LbMA2AQ7e9jo refers to the VouchDao process mentioned earlier. The function sends a message with the action Get-Vouches to retrieve the corresponding user's vouch record and its details.
What is VOUCHER_WHITELIST?
- Vouch-X - Ax_uXyLQBPZSQ15movzv9-O1mDo30khslqN64qD27Z8
- Vouch-Gitcoin-Passport - k6p1MtqYhQQOuTSfN8gH7sQ78zlHavt8dCDL88btn9s
- Vouch-AO-Balance - QeXDjjxcui7W2xU08zOlnFwBlbiID4sACpi0tSS3VgY
- Vouch-wAR-Stake - 3y0YE11i21hpP8UY0Z1AVhtPoJD4V_AbEBx-g0j9wRc
If you want more granular control in your application, you can certainly implement the corresponding verification functions.
Incorporating the Vouch system is straightforward and provides a robust shield, isn't it? Start building sybil attack protection into your application right away!
🏆 Spot typos, grammatical errors, or inaccuracies in this article? Report and Earn !
Disclaimer: This article does not represent the views of PermaDAO. PermaDAO does not provide investment advice or endorse any projects. Readers should comply with their country's laws when engaging in Web3 activities.
🔗 More about PermaDAO :Website | Twitter | Telegram | Discord | Medium | Youtube
All Comments