Post-Mortem Sybil Analysis of ARB Token Distribution

[poupou-web3]

Background

In 2023, the Arbitrum token distribution was initiated. Nearly a year has elapsed since, with significant activity observed on the Arbitrum chain and other EVM-compatible chains. This issue aims to conduct a retrospective analysis to identify clusters of Sybil accounts that may have exploited the ARB token distribution.

Objective

The primary goal is to detect and analyze patterns of Sybil's behavior in the distribution of ARB tokens. This involves identifying clusters of addresses that potentially acted in concert to manipulate or "farm" the ARB token distribution.

Data Collection

• Step 1: Compile a comprehensive list of addresses that received Arbitrum tokens during the initial distribution phase.
• Step 2: Collect data on the on-chain activities of these addresses since the distribution.

Analysis

• Clustering Methodology: Develop an approach to cluster these addresses based on their transaction patterns. Special attention should be given to addresses that may have aggregated ARB tokens for various reasons (security, management, etc.).
• Exclusion Criteria: Clearly define criteria to exclude centralized exchanges and bridge addresses that might form artificial clusters.
• Cluster Identification: Use the defined methodology to identify as many relevant clusters as possible.

Deliverables

• A detailed report outlining the clustering methodology and the rationale behind the exclusion criteria.
• A comprehensive list of identified clusters, including all associated addresses within each cluster.
• An analysis of the behavior patterns of these clusters to understand how they may have gamed the airdrop system.

Final Goal

The ultimate aim of this analysis is to gain insights into the methods employed by Sybil entities during the ARB token distribution. This understanding will help in formulating strategies to mitigate such exploitative behaviors.

[epowell101]

Hey @poupou-web3 nice! A couple of clarifying questions:

1. Would the output then be for example a list of accounts ranked by size (how many ARB they accumulated) and by Sybilness?
2. What would be a good metric of Sybilness? Is it an account that tends to move in concert with other accounts, suggesting that all of the accounts are likely controlled by one entity?
3. Maybe more fundamentally - perhaps a few bullet points on the specific moments in the history here of ARB that one would expect and want to examine such behavior could be useful to focus analysis.

Thanks for this issue!! Just trying to clarify further. We will attach bounties by the end of the week so a bit more clarification by then might be useful if you have the time.

[poupou-web3]

The data extraction part is covered by #2

Thanks @epowell101

Would the output then be for example a list of accounts ranked by size (how many ARB they accumulated) and by Sybilness?

Yes, the size you described would be a great metric to have, we could also have metrics such as the number of addresses that sent arb to that address (the airdrop was not the same size for all users), and thus also derived metrics.

What would be a good metric of Sybilness? Is it an account that tends to move in concert with other accounts, suggesting that all of the accounts are likely controlled by one entity?

Yes, this is advanced analysis but that would be a great catch.

Maybe more fundamentally - perhaps a few bullet points on the specific moments in the history here of ARB that one would expect and want to examine such behavior could be useful to focus analysis.

Yes again, the behavior of an airdrop farmer should be very different before and after the airdrop.

Thanks for adding these ideas.