
Further limit draining faucet before the hackathon weekend #164

Closed
ericnakagawa opened this issue Mar 27, 2024 · 28 comments

Comments
@ericnakagawa
Contributor

Describe the feature you would like

I’d like a way to further limit draining of testnet faucet.

One idea is to require GitHub auth via Social Connect to further limit abuse.

Additional context

No response

@arthurgousset
Contributor

arthurgousset commented Mar 27, 2024

Thanks for raising this @ericnakagawa 👍 Convo started on Slack and moved over here.

I checked, the faucet address (0x22579CA45eE22E2E16dDF72D955D6cf4c767B0eF) is indeed low on tokens.

[image]

faucet.celo.org also displays a message that the faucet is low on tokens:

[image]

@arthurgousset arthurgousset self-assigned this Mar 27, 2024
@arthurgousset
Contributor

Eric is hosting a hackathon this weekend and needs the faucet to be accessible to devs.

@arthurgousset
Contributor

It looks like the current faucet balance is:

  1. cREAL: ~0.8
  2. cUSD: ~1.2
  3. cEUR: ~824,264
  4. CELO: ~0.3

Source: https://alfajores.celoscan.io/address/0x22579ca45ee22e2e16ddf72d955d6cf4c767b0ef

@arthurgousset
Contributor

Checking how much the faucet distributes at the moment.

From here

function getSendAmounts(
  authLevel: AuthLevel,
  config: NetworkConfig,
): { goldAmount: string; stableAmount: string } {
  switch (authLevel) {
    case undefined:
    case AuthLevel.none:
      return {
        goldAmount: config.faucetGoldAmount,
        stableAmount: config.faucetStableAmount,
      }
    case AuthLevel.authenticated:
      return {
        goldAmount: config.authenticatedGoldAmount,
        stableAmount: config.authenticatedStableAmount,
      }
  }
}

we know it's the amounts set here

export interface NetworkConfig {
  nodeUrl: string
  faucetGoldAmount: string
  faucetStableAmount: string
  authenticatedGoldAmount: string
  authenticatedStableAmount: string
  bigFaucetSafeAddress: string
  bigFaucetSafeAmount: string
  bigFaucetSafeStablesAmount: string
}

Checking what the amounts are set to.

Following the setup instructions in readme.md:

$ cd apps/firebase
$ yarn dlx firebase-tools@latest login
# ...
$ yarn install

From firebase/README.md, we get the config values with:

$ yarn cli config:get --net alfajores
{
  // ...
  "authenticated_stable_amount": "5000000000000000000",
  "authenticated_gold_amount": "5000000000000000000",
  "faucet_gold_amount": "500000000000000000",
  "faucet_stable_amount": "500000000000000000",
  // ...
}

Converting from wei to ether

# authenticated
$ cast from-wei 5000000000000000000 ether
5.000000000000000000

# not authenticated
$ cast from-wei 500000000000000000 ether
0.500000000000000000

@arthurgousset
Contributor

arthurgousset commented Mar 27, 2024

Ideas to avoid faucet being empty:

  1. lower unauthenticated amount even more. But that doesn't prevent abuse per se, it only makes the number of requests required to drain the faucet higher
  2. separate faucet balance available for authenticated and unauthenticated requests. If unauthenticated requests empty their allocation, authenticated users are not affected, because their available balance is not empty. But that doesn't protect from authenticated abusers.
  3. Limit authenticated requests per day. If authenticated users want to abuse the faucet, they have to use multiple Github accounts, which creates additional friction.

@arthurgousset
Contributor

Ideas to fill the faucet by the weekend:

  1. wait for validator rewards to come in
  2. convert a portion of ~824,264 cEUR into CELO
  3. Eric to fill faucet with tokens he has

@arthurgousset
Contributor

arthurgousset commented Mar 28, 2024

  • Confirm that faucet is getting replenished

@arthurgousset
Contributor

arthurgousset commented Mar 28, 2024

Historical context: Aaron shared that the faucet is currently only getting replenished using carbon offsetting rewards.

$ celocli network:parameters --node alfajores
... 
EpochRewards:
  carbonOffsetting:
    factor: 0.25
    partner: 0x22579CA45eE22E2E16dDF72D955D6cf4c767B0eF
...

The faucet address is set as the carbon offset reward recipient: 0x22579CA45eE22E2E16dDF72D955D6cf4c767B0eF

In the past, the faucet was replenished by transferring funds from a larger funder account.

@arthurgousset
Contributor

Asked for help to make a short-term transfer to the faucet for the weekend hackathon.

@arthurgousset
Contributor

arthurgousset commented Mar 29, 2024

The faucet balance has been drained by 100,000 CELO in 10 days. From Mar 19 to Mar 29, the balance dropped from 100,460 to near 0.

[image]

Source: https://explorer.celo.org/alfajores/address/0x22579CA45eE22E2E16dDF72D955D6cf4c767B0eF/coin-balances?block_number=23258880&items_count=50#address-tabs

@arthurgousset
Contributor

It might be necessary to limit the amount of CELO that can be sent out, whether the user is authenticated or not.

@arthurgousset
Contributor

arthurgousset commented Mar 29, 2024

The funding amount fluctuates with use, because carbon offset rewards depend on network usage. In recent days it's around ~900-1,000 CELO per day, but not sure what it looks like before:

[image]

Source: https://explorer.celo.org/alfajores/block/23241600/epoch-transactions

[image]

Source: https://explorer.celo.org/alfajores/block/23224320/epoch-transactions

[image]

Source: https://explorer.celo.org/alfajores/block/23207040/epoch-transactions

@arthurgousset
Contributor

Other ideas to limit abuse:

  1. Adjust the amount that is sent based on the recipient's balance (if CELO balance high, send less)
  2. Check reCaptcha is required when user is Github authenticated (seems like a bot is making 5 CELO requests repeatedly)

@arthurgousset
Contributor

The faucet used to be funded every hour:

@arthurgousset
Contributor

arthurgousset commented Mar 29, 2024

This address 0xb8c3475d736ab7c587b3fcf6a4e2d55136d4968f seems to be running an automated process.

Eric briefly funded the faucet with 25 CELO and the address above automatically started making 5 CELO requests until the faucet was empty:

[image]

Source: https://explorer.celo.org/alfajores/address/0x22579CA45eE22E2E16dDF72D955D6cf4c767B0eF

[image]

Source: https://explorer.celo.org/alfajores/address/0x22579CA45eE22E2E16dDF72D955D6cf4c767B0eF/token-transfers#address-tabs

@jcortejoso
Member

Hi @arthurgousset ! Thanks for the explanation.

Do we know what authentication method is the draining bot using?

@arthurgousset
Contributor

arthurgousset commented Mar 29, 2024

Hi @arthurgousset ! Thanks for the explanation.

Do we know what authentication method is the draining bot using?

Yes, the bot is using a Github authenticated account to request 5 CELO instead of 0.5 for unauthenticated accounts.

But, more importantly, we have a mechanism in place that doesn't fund any address that has more than 20 CELO. But, there was a bug that prevented that from working.
It's fixed and deployed in production:

That means if the bot has a balance >= 20 CELO the faucet will not fund it.

[image]

Technically, the bot could be updated to always have a balance < 20 CELO and send it on to another address, but as a quick fix, this might prevent the bot from working over the weekend.

Depends how quickly they'll update the scripts.

I'll look into better long-term solutions to prevent abuse.

@arthurgousset
Contributor

arthurgousset commented Mar 29, 2024

Unfortunately, it looks like the bot is still able to request 5 CELO repeatedly, because their balance is below 20. They are currently using this address: 0xbabe97E806Ae3a153A94F2ee564cD8cCeA1Dc913.

[image]

Source: https://explorer.celo.org/alfajores/address/0xbabe97E806Ae3a153A94F2ee564cD8cCeA1Dc913/coin-balances#address-tabs

@arthurgousset
Contributor

One short-term fix could be to reduce the amount of CELO that are sent out to authenticated accounts.

Currently, it's 5 CELO. We could set it to 0.5 CELO, which is the unauthenticated amount.

@arthurgousset
Contributor

arthurgousset commented Mar 29, 2024

Whenever the bot's balance is above 20, the faucet doesn't send tokens as expected 👍

Here 0xbabe97E806Ae3a153A94F2ee564cD8cCeA1Dc913 has 21.25 CELO. So requests stop until the bot sends CELO away and the balance drops below 20.

[image]

Source: https://explorer.celo.org/alfajores/address/0xbabe97E806Ae3a153A94F2ee564cD8cCeA1Dc913/coin-balances#address-tabs

@arthurgousset
Contributor

arthurgousset commented Mar 29, 2024

We could consider limiting requests per Github user per day.
But, that's not a short-term fix, because I have to save state in Firebase and add some code that reads/writes Github user data.

We could store a hash of the Github username, so it anonymizes users, but still uniquely identifies them.

We could also limit requests to 1x per day.
For additional requests, we could make it conditional on having CELO on mainnet.

@arthurgousset
Contributor

arthurgousset commented Mar 29, 2024

(for future reference)
Javi topped the faucet up with 50,000 CELO so Eric is unblocked for the weekend.

@arthurgousset
Contributor

We also sent @ericnakagawa 50,000 CELO as a short-term fix for the weekend. That way he can top up the faucet independently, if he has a short-term need, and the faucet is still affected by the abuse.

@arthurgousset arthurgousset changed the title Further limit draining faucet Further limit draining faucet before the hackathon weekend Mar 29, 2024
@arthurgousset
Contributor

arthurgousset commented Mar 29, 2024

I'm closing this issue as it pertains to the hackathon weekend, and opened a new issue for longer-term changes to prevent abuse:
