Author: txohyeah
Review: outprog
Source: Content Guild - News
What is a Sybil Attack?
Sybil attack is a type of network attack in which an attacker controls multiple false identities (or "sybil identities") to influence or control a network system. The name of this attack method comes from the real case of Sybil Dorsett, who was diagnosed with dissociative identity disorder (i.e., multiple personality disorder). This term was borrowed from the field of network security to describe the behavior of an attacker who creates multiple false identities to carry out attacks.
In the world of Web3, preventing witch attacks has always been an unavoidable topic. In order to prevent witch attacks, network systems usually take a series of measures, such as using mechanisms such as Proof of Work (PoW) and Proof of Stake (PoS) to increase the cost of attacks, or identifying and isolating false identities through message graph analysis and centralized identity authentication. The Vouch system introduced today combines multiple methods to build a system to prevent witch attacks.
What is the Vouch System?
The Vouch system is a reputation evaluation system built on AO. It calculates a unique vouch score for each user by comprehensively analyzing all aspects of the user's data. This score not only reflects the user's activity and credibility in the AO ecosystem, but also serves as a key indicator for measuring the authenticity of the user. Major applications on AO can use this score to effectively distinguish real users, thereby optimizing the user experience and enhancing the security of the platform. In addition, the vouch score can also play a role in authorizing important operations. For example, when rewarding users, users with higher vouch scores may be given priority or additional rewards. This approach not only encourages users to behave positively, but also promotes the construction of a healthy and harmonious network environment.
The current entrance to the Vouch system is: https://vouch-portal.arweave.net/
It provides a quick calculation method for the two major platforms, Llama Land and Permaverse. That is, it calculates how many vouch points your account currently has, how many each channel provides, and how many points are needed in total to participate in some activities on the platform. Although other applications do not provide a quick calculation method, they can still use vouch points for user verification. We will use "Yangtuo Media" as an example to introduce it later.
Four Vouch Methods
Vouch X
The identity of the user is verified through Twitter, which has certain requirements for the Twitter account, such as the account registration time, etc. Of course, a Twitter account can only be used to obtain vouch points once.
Vouch Gitcoin Passport
Gitcoin Passport is a digital identity verification system developed by Gitcoin that aims to provide a safer and more transparent way for blockchain projects and decentralized applications (DApps) to verify the identity of users while protecting personal privacy. By verifying Gitcoin Passport, users can also obtain vouch scores. Similarly, a Gitcoin Passport can only be used to obtain a vouch score once.
Vouch AO Balance
Currently, AO token is still in a non-transferable state, so users can obtain vouch points by verifying the AO balance, and the vouch points obtained by the AO balance are very good.
Vouch wAR Stack
The last method is to stake wAR. The Vouch system will calculate the vouch score based on the time of staking wAR and the current price of AR.
System Architecture
As shown in the following architecture diagram,
- The core manager of the Vouch system is an AO process named VouchDao, which mainly includes the functions of caching vouch records and querying vouch records.
- The vouch record includes the total vouch points and the vouch points obtained through different channels.
- Vouch X, Vouch Gitcoin Passport, and Vouch AO Balance are all pure front-end Permaweb programs that implement methods for calculating scores and sending records to the VouchDao process.
- The Vouch wAR Stake method is relatively complex. It not only includes the front-end program, but also multiple AO processes. The vouch score is calculated through the Vouch Custody process, and the record is sent to the VouchDao process. In addition, each time wAR is staked, it will be managed by the Custody Creator process, and a staking process will be created for each staking user.
- The Vouch system can be expanded in the future based on new anti-Sybil attack methods. It can be said that the scalability is very strong.
Application in Alpaca Continent
Someone once said that projects that have not been attacked are the ones that cannot withstand the wind and rain. The Yangtuo Continent project is also fighting wits and courage in the battle with the army of robots! From the initial whitelist queue to the daily manual account blocking of Yangtuo Continent, the developers of Yangtuo Continent spent a lot of effort. So the Vouch system came into being.
Currently, you need to become an Alpaca Citizen in order to receive daily login rewards and petition the Alpaca King. However, users who have not become Alpaca Citizens can still travel in Alpaca Continent. To become an Alpaca Citizen, you need to complete the vouch score verification with the Citizen Administrator. You can become an Alpaca Citizen only if your score is greater than 5. The first time you become an Alpaca Citizen, you will be given 25 Alpaca Tokens as the player's starting capital.
Vouch system application demo
Next, I will use Alpaca Media as an example to illustrate how to use the Vouch system for verification in your own applications. Alpaca Media is a media company built on the Alpaca Continent platform. Its advertising business can give users who click on ads a portion of the revenue from watching ads. So imagine that if there is no protection against witch attacks, this part of the revenue will soon be taken away by robots. This will damage the interests of advertisers and prevent real users from receiving advertising revenue. Therefore, the following code is added to the collection function of the Alpaca Media salesperson NPC,
Then the main verification comes from the GetVouchScoreUsd(msg.From) function, which obtains the user's vouch score, and if the vouch score is less than 2 points, the user is asked to complete the vouch verification first. Let's take a closer look at the content of the function, as shown in the following code, where the process id ZTTO02BL2P-lseTLUgiIPD9d0CF1sc4LbMA2AQ7e9jo is the VouchDao process mentioned above. The function sends a message with the Action Get-Vouches, which can obtain the corresponding user's vouch record and its details.
So what is VOUCHER_WHITELIST? I believe everyone can guess that the four addresses correspond to the four voucher methods. The corresponding relationship is as follows:
- Vouch-X - Ax_uXyLQBPZSQ15movzv9-O1mDo30khslqN64qD27Z8
- Vouch-Gitcoin-Passport - k6p1MtqYhQQOuTSfN8gH7sQ78zlHavt8dCDL88btn9s
- Vouch-AO-Balance - QeXDjjxcui7W2xU08zOlnFwBlbiID4sACpi0tSS3VgY
- Vouch-wAR-Stake - 3y0YE11i21hpP8UY0Z1AVhtPoJD4V_AbEBx-g0j9wRc
If you want more sophisticated control in your application, you can also implement the corresponding verification function.
It is very easy to use the Vouch system in your own application. Build anti-sybil attack protection in your own application!
