Gitcoin logo
Our Blog

Strengthening CyberConnect's Loyalty Program with Gitcoin Passport

Sybils can exploit decentralized communities' reward systems by distributing their influence across multiple identities. This can lead to a single malicious actor accumulating a significant portion of the resources or rewards, skewing the distribution away from genuine participants. In this case study, we will review how Gitcoin Passport fortified CyberConnect’s loyalty program enhancing security and enabling a sharper focus on genuine participants. 

Defending CyberConnect FanClub Rewards Against Sybil Attacks

CyberConnect is a web3 social network that enables developers to create social applications empowering users to own their digital identity, content, connections, and monetization channels. Developers can build innovative social applications where users own their identities and data while creators can grow their audiences in a fairer and decentralized environment. Messari, Rarible, 1inch, and BNB Chain, along with 2,500 projects and 1.2M users and creators are building long-lasting connections through apps built on CyberConnect.

In March 2023, CyberConnect launched FanClub, a loyalty program to recognize and reward quality enagement by its community members on both on and off-chain channels. The program rewards daily and weekly  points to users for their contributions in the following categories: Twitter Engagements, CyberConnect Protocol Engagements, and Referrals. Points can be redeemed for tickets to participate in weekly raffles.

The team consistently encountered Sybil attacks that led to an unfair distribution of the weekly reward pool. In one instance, a single address 0x82…43a4 funded gas fees to over 1,700 addresses in early April, allowing each address to purchase seven raffle tickets every week. Without intervention, this Sybil account could have amassed over 11,000 tickets and won 5,000 mini-shards (a collectible reward) from the raffle every week.

The Burden of Manual Review

The CyberConnect team initially focused on identifying Sybil utilizing data from Link3, a web3 social network built on CyberConnect protocol. l. Many Sybil accounts were identified based on bulk invitations, similarity of handles for user profiles and email addresses, and synchronized actions for activities such as registration, login, minting, and joining FanClub. In addition, the team introduced onchain criteria such as lack of transactions on Mainnet, gas on Binance Smart Chain originating from a single transfer or a contract, and accounts that have received mini shards (a form of a collectible) from multiple addresses.

These results obtained through automated tools were manually reviewed weekly, allowing the team to ban obvious Sybil accounts. However, the manual review process was time-consuming.

Dual Reward System Using Gitcoin Passport 

After the CyberConnect team noticed many Sybil-like activities, they integrated Gitcoin Passport to ensure that rewards are distributed fairly. As a solution, the project divided the reward pool into a Main Pool and a Side Pool. Additionally, the team introduced a Credit Point system to differentiate human users from bots. Users with 24+ Credit Points can access the Main Pool and share most rewards. The Credit Points combine the Gitcoin Passport score and other qualifying user attributes based on weights as follows:

Gitcoin passport passing score: Up to 100

Link3 profile completion with an avatar, display name, basic info: 1.67

Paid CyberProfile: Up to 3.34

  • CyberProfile length is less than or equal to 12 characters +1.67
  • CyberProfile length is less than or equal to 6 characters +1.67

Link3 event W3ST holding: Up to 6.68

  • Hold 10 W3ST +1.67
  • Hold 50 W3ST +1.67
  • Hold 100 W3ST +1.67
  • Hold 500 W3ST +1.67

The optional requirement for paid CyberProfile and W3ST (Web3 Status Tokens) holding elevates the cost of forgery for attackers with low Gitcoin Passport Score. In combination, the Credit Point system keeps costs low for legitimate users. Users with 24 or more Credit Points have their raffle tickets automatically enter into the Main Pool. All other users' raffle tickets enter the Side Pool.

The Impact

The seamless integration with Gitcoin Passport has led to enhanced efficiencies:

  • The project has seen a significant decrease in Main Pool entries from 278k to 70k for the first week after integrating Gitcoin Passport
  • Additionally, with the introduction of Gitcoin, the manual workload has significantly decreased. The team can focus more on identifying any obvious Sybils in the main pool. 
  • The ease of integrating with Gitcoin Passport with few lines of code has saved time and resources for the Cyberconnect team, including the effort needed otherwise to build a custom solution for the purpose 
  • The project is now exploring pathways to become a Passport Stamp provider, with the first credential to be given to admins of the existing 2600+ verified organizations on Link3. 

The Takeaway

CyberConnect utilized a built-in, battle-tested Sybil detection mechanism in the form of Passport Score while augmenting this mechanism with the Credit Point system to protect the interests of long-time community members. Passport’s streamlined API lets developers easily integrate, saving time and money while gaining access to defenses built leveraging years of institutional experience safeguarding the Gitcoin Grants program.

For more information on Gitcoin Passport, you can access the Passport Documentation or join the Gitcoin Passport Builders Telegram if you’re interested in getting help from the Passport team in integrating Passport into your project or community.

Read more
Featured Posts

Define - Laying the Foundation for Your Grants Program

[BLANK] Canvas Details: Speaker Lineup & Schedule for Our EthCC Event

Gitcoin Grants 2024 Strategy & Updates