# Airdrop Post Mortem

## Failures

1. Incorrect number of tokens displayed
2. Press Release publishing failure
3. Poor reactions to token weights
4. Sybil attack undetected on testnet

## 1. Incorrect number of tokens displayed

Users were all shown 24 tokens on January 10th. We did not notice until January 15th that every user on the list was getting 24 tokens, and the total amount was 2 Million.

### How

When converting each user's points weight into tokens, a script was run which iterated the list of weights and applied the formula `num_of_tokens = weight / total_weight * 300,000`. Instead of looping through the rows and applying the formula to each row, the Python script applied the formula to the first row and then looped through the rows and applied the result of the first row to each other row, effectively giving everyone the 24 tokens that the first user had been rewarded.

```python
multiplier = 300000 / total_weight
# broken code: a single cell's weight is broadcast to every row of the column
df["token_amount"] = df.iloc[1, 1] * multiplier
df.iloc[:, [0, 2]].to_csv('final_odg_airdrop.csv', index=False, header=False)
```

### Why

Tally team and Joseph did not notice until it was too late on Monday. The primary failure is not double checking the work enough, asking for help, or writing tests.

### What should have happened

1. Manual checks. Double checking the list manually would have revealed that every account had the same amount of tokens.
2. More QA testing. Testing multiple addresses on the live website would have revealed the same issue.
3. Delaying instead of making last-minute fixes. Due to PR pressure, the team chose to try to make several last-minute changes instead of delaying to resolve the issue, but the damage was already done.

## Press Release failure

Press Release on news wire failed to publish as we were flagged for spam.
## Sybil Attack Detection Failure

### Key Takeaways

- Minimum nonce requirement of 7 would have prevented entire attack
- All accounts except 1 had no chat activity
- Security and sybil attack assessment is recommended for next airdrop
- Stole 5.4% of airdrop
- Drained 21% ETH initial liquidity
- Crashed ODG price by 47%

### Overview

- Discord username: nurel_
- Account created May 16, 2023
- All accounts created Dec 15
- Bulk of transactions occurred Dec 29. Waited until 2 days before snapshot
- First interaction Dec 8th
- 16 out of 22 wallets had a nonce of only 3. The highest nonce was 6.
- 24 wallets total, each earned 324.8722 ODG
- Made ~$19,000: 16,243 ODG swapped for 8.3128 ETH

### Other Details

- Gas funded from faucet https://arbiscan.io/address/0x1b5b4e441f5a22bfd91b7772c780463f66a74b35
- All accounts except 1 had no chat activity
- Most did only 3 transactions - build proxy, approve collateral, deposit

Main wallet 0x052d62a6479E3C027AFFf55385F2ba53ffe8ba58

- Inactive since September 2023
- Originally funded July 2023
- Claimed 324.872 ODG
- Bought back 413 ODG, then sold again 1 hour later
- Sold on Binance
- Swapped 3.80038 ETH to 3.8 WETH using MetaMask and bought $9,523 of Tether
- Sold 4000 Tether on Binance
- Claimed and sold the 413 ODG for 970 Tether
- $21,832 (5 ETH + 4000 Tether) sold on Binance
- $970 Tether remains in the wallet

Aggregator wallet 0xf491FF8b6CA44AF3978EC80E14E352c35d03D5C9

- Pooled ODG from 22 sybil wallets
- Performed large swap 16,243 ODG for 8.3128 ETH (~$19,000)
- Drained initial ETH liquidity by 21%
- Crashed ODG price by 47%

22 sybil wallets (Maybe missing 1 wallet? 23 total)

| Address | Username | Wallet nonce | Notes |
| --- | --- | --- | --- |
| 0xe6689cEBDaE2c21Dd3c75cCd7AC5643753985A1d | dokivab | 3 | |
| 0xC8513819e4bd5B22789d10CdF9c8BcD9817E3fDB | deborah0774a | 3 | |
| 0x18E69094c577781bcf56012B9F42BfE1Ad091310 | girenam883 | 3 | |
| 0x5AaF40398FC3753C5C423394534BDFc6A9B2C33C | michelle6319u | 3 | |
| 0xE048a3d6821a4156A1544A0d96B6121d63Fa06C2 | cejiv | 4 | |
| 0xd4aa0D98fe517f98527803f30F24D06EE6653C37 | helen8739v | 3 | |
| 0xa1A5066C9DDb7DfD19E1f319AD364cb21131aAaF | elizabeth1360o | 3 | |
| 0x35A78D8055A63FCeF256a26C21855c597966791d | michelle9973p | 3 | |
| 0xe982150121e8385A68a08b7498775444bc257AC9 | carol7908y | 3 | |
| 0xcD009f2791814eb191EdeA90271985f98656E911 | karen6458s | 3 | |
| 0xf8cD5373187Ede96B1c81BA6C07A77907fa4E2D2 | elizabeth6721i | 3 | |
| 0xda9592EAcda11463091DAa8C65C48D722A3Ac855 | mary5421i | 6 | |
| 0x221c09362Ddc12e3F29ec4ac30B19C9F95fC0B87 | lisa0815g | 3 | |
| 0x358BB65fF07C373903aB6F42011c48B3605eB1a2 | carol6337w | 3 | |
| 0x66E1823FfAb48C147b019Ea9a5A0b3A1DF680ECA | ruth6081h | 3 | |
| 0xd8E9C4397757938f705FD5c36BA171A879905798 | donna9459r | 6 | |
| 0xb5011b2FD7BB19e205DC09C39E617DFA9ECd6d12 | carol9952d | 3 | |
| 0x77FFeEB8B3bFa91c53075998F8F50DfCdc266be5 | donna5180a | 3 | |
| 0x866D9431033507d8e546C8Cf38AC8028Bf278522 | sandra9297c | 3 | |
| 0x204C551D0eaBF5988B77c246A67c119E0363BB0b | zdbggyvawywp | 6 | Dec 8 |
| 0xcCf69Ad860507F0E3c67C3ADC3A7d5238aA657Ea | zyrdomcuongym | 6 | Dec 8 |
| 0x7c7A1C32D1CF038d8ECF4D72B0EC9a3A920978D5 | mimoza__ | 6 | Has chat activity; Dec 8 |
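
The signals listed in the key takeaways (minimum nonce of 7, no chat activity, identical three-transaction pattern, shared account creation day) can be combined into a pre-snapshot eligibility screen. The following is an added example, not code from the original post mortem or the project: the record fields, the placeholder addresses, the function names and the cluster-size threshold are all assumptions, and the sample claimants are constructed.

```python
from collections import defaultdict
from datetime import date

MIN_NONCE = 7         # threshold named in the post mortem's key takeaways
MIN_CLUSTER_SIZE = 3  # assumption: smallest group of look-alikes worth flagging

# Constructed sample data; addresses are placeholders, not real wallets.
_PATTERN = ("build_proxy", "approve_collateral", "deposit")
CLAIMANTS = [
    {"addr": f"0xSYBIL{i:02d}", "nonce": 3, "chat_msgs": 0,
     "created": date(2023, 12, 15), "txs": _PATTERN}
    for i in range(1, 5)
] + [
    # Cluster member that did post in chat: only the nonce rule catches it.
    {"addr": "0xSYBIL05", "nonce": 6, "chat_msgs": 2,
     "created": date(2023, 12, 15), "txs": _PATTERN},
    {"addr": "0xUSER01", "nonce": 42, "chat_msgs": 17,
     "created": date(2023, 6, 2), "txs": _PATTERN + ("borrow", "repay")},
    # Quiet but established wallet: must not be flagged.
    {"addr": "0xUSER02", "nonce": 9, "chat_msgs": 0,
     "created": date(2023, 11, 3), "txs": _PATTERN},
]


def screen(claimants, min_nonce=MIN_NONCE, min_cluster=MIN_CLUSTER_SIZE):
    """Return {address: [reasons]} for every claimant that fails a check."""
    flags = defaultdict(list)
    clusters = defaultdict(list)
    for c in claimants:
        if c["nonce"] < min_nonce:
            flags[c["addr"]].append("low_nonce")
        if c["chat_msgs"] == 0:
            # Silent accounts created the same day with the same tx sequence.
            clusters[(c["created"], c["txs"])].append(c["addr"])
    for members in clusters.values():
        if len(members) >= min_cluster:
            for addr in members:
                flags[addr].append("cluster")
    return dict(flags)


def eligible(claimants, **thresholds):
    """Addresses that pass every check, in snapshot order."""
    flagged = screen(claimants, **thresholds)
    return [c["addr"] for c in claimants if c["addr"] not in flagged]


if __name__ == "__main__":
    for addr, reasons in screen(CLAIMANTS).items():
        print(addr, ",".join(reasons))
    print("eligible:", eligible(CLAIMANTS))
```

The nonce rule also rejects any genuine wallet with fewer than 7 transactions, so the reasons are returned per address to allow manual review rather than silent exclusion.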