Potential abuse by notaries - asking for Governance and community review

[kevzak]

Issue Description

In reviewing https://datacapstats.io/large-datasets?limit=25, it was noticed several instances in the past few days/weeks of specific notaries signing off on 2PiB allocations of DataCap with no client name or address. Specifically:
Smart Dong
Bobbi Choi
Joy Lee
Tokencan

Impact

Potential clear sign of abuse of power

Proposed Solution(s)

Immediate removal from multisig and potential removal of DataCap

[kevzak]

FYI @galen-mcandrew @Kevin-FF-USA

[galen-mcandrew]

Addresses:
TAKI Chain: f15impf3j2zcaex4lhyxndxswuuhv24vzstuqtxsi
Bobby Choii: f1irqs2gmctiv3jcdfwuch7oxvf4ixh3k4b2wc24i
Tokencan: f1txboxiscdm4f3okffyjmbilmwjtbisrbee72j6q
NFTStar: f1c36q3bpodeddiers557j6e2mafw3oglitx56vty

[kevzak]

More found:

[kevzak]

[kevzak]

[kevzak]

[kevzak]

[kevzak]

Pangod: f1d4yb3wags3mtddzesxoo63jv7dmlec3bq4yteni
Aifabot: f174fg3bqbln3zjnkxtyf6s54txqkr7yqkj6cig7y
Ewesion: f1ihv7gz3vn3xqvikpt4rwryecgisl7745lodx3yi
RawTech Ventures: f1txfsjmix4vlzido4dkildrnbw26owtlbslexmpa
Protocan: f1vxbqrf7rfum3n6m5u6eb4re6xj7amvsaqnzu64y
Meibuy Cloud: f1bwugfihrmn3iyunzyxst5nttql3dge4khwmurtq

[MegaFil]

Looks like the fil+ rules are not being strictly enforced anymore, more than half of the notaries are breaking the rules now. Where is RG?

[MegaFil]

filecoin-project/filecoin-plus-large-datasets#1995

It's just only one bad case, shouldn't we stop the fil+ program?

[Chris00618]

Almost all SPs think fil+ is a joke. Why do these people continue?

Solana's snapshot project is all about fake data stored into filecoin, and too many notaries are abusive on this case. We think the fil+ team should be laid off a long time ago.

filecoin-project/filecoin-plus-large-datasets#923

[kenzz45]

"DC allocation involves subjective human decisions, opening the door to favoritism and discrimination, driving miners away to chains with normal consensus algorithms."

[TrueBlood1]

Also more found:

Addresses
Laura: f1bp3tzp536edm7dodldceekzbsx7zcy7hdfg6uzq
STCloud: f1jvvltduw35u6inn5tr4nfualyd42bh3vjtylgci

[TrueBlood1]

Addresses
Antalpha: f1xx6555qijma7igpnjspyvdunc4vfxkawnpqy5ii
SXX Future: f1foiomqlmoshpuxm6aie4xysffqezkjnokgwcecq

[TrueBlood1]

Addresses
FILWallet: f1qnumecdypgrbaebtkdfjnwt5ndacadcuas3deiq
LendMi: f12mckci3omexgzoeosjvstcfxfe4vqw7owdia3da

[TrueBlood1]

Addresses
DeFil: f1dnb3uz7sylxk6emti3ififcvu3nlufnnsjui6ea
IPFS.CN: f1j4n74chme7whbz3yls4a7ixqewb6dijypqg2a3a

[TrueBlood1]

Addresses
NFTSTAR: f1c36q3bpodeddiers557j6e2mafw3oglitx56vty
YuanHe Tech (Firefly): f1fg6jkxsr3twfnyhdlatmq36xca6sshptscds7xa

[TrueBlood1]

With so many similar phenomena, the rules of Fil+ need to be clarified again.

[galen-mcandrew]

This issue is in regards to signatures that do not have supporting client or GitHub diligence issues. Specifically, we are seeing "first" allocations for large tranches that do not have client application records. We are scoping this GitHub issue to that specific dispute type, so other claims or disputes are off topic for this thread. If there are other disputes, we would like to track those in specific forums.

We are working with the root key holders to remove the signers flagged above for large allocations with no supporting diligence.

[kevzak]

notaries signing off on 2PiB allocations of DataCap with no client name or address

@MegaFil as I stated initially, the flag in this proposal is regarding a specific group of notaries signing off with no client name or address on the first allocation at 2PiBs.

Your examples highlighted are all applications with client names, addresses, github links, and a variety of different signers on different allocation amounts and allocation stages. Not sure the correlation.

[kevzak]

With so many similar phenomena, the rules of Fil+ need to be clarified again.

@TrueBlood1 What rules are you asking to be clarified? Perhaps I can help.

The general Fil+ guidelines haven't changed and have always been listed here: (https://github.com/filecoin-project/filecoin-plus-large-datasets?tab=readme-ov-file#current-scope)

This proposal is to address a very specific example of notaries signing without client address or name. Let me know if you have found something else.

[kevzak]

Addresses FILWallet: f1qnumecdypgrbaebtkdfjnwt5ndacadcuas3deiq LendMi: f12mckci3omexgzoeosjvstcfxfe4vqw7owdia3da

@TrueBlood1 This signature was for LDN application # 975 which exists. No issue here. The link to GitHub didn't make it but you can search by using the client address.

[kevzak]

eneral Fil+ guidelines haven't changed and have always be

@TrueBlood1 thanks for flagging these but all of your examples do have client addresses listed so we can track the application. Sometimes a client name might not be listed on this view in datacapstats.io, but you should be able to search for the application in LDN github repo using the client address. Let me know if that helps.

[TrueBlood1]

More found:

Addresses
Fei Yan - Kernelogic: f1yjhnsoga2ccnepb7t3p3ov5fzom3syhsuinxexa
Genesis: f1mdk7s2vntzm6hu35yuo6vjubtrpfnb2awhgvrri

[TrueBlood1]

Addresses
DEFIL: f1dnb3uz7sylxk6emti3ififcvu3nlufnnsjui6ea
NDLABS: f1yayfsv6whu3rheviucvventj3y6t542xfpb47ei

[TrueBlood1]

Addresses
Fei Yan - Kernelogic: f1yjhnsoga2ccnepb7t3p3ov5fzom3syhsuinxexa
New Web Group: f1e77zuityhvvw6u2t6tb5qlnsegy2s67qs4lbbbq

[TrueBlood1]

Addresses
Tim Guo: f1yslbnnqzrjlyuxsmyxfbqcc7xthcavgpripjevi
New Huo Pool: f16karfxq7lxdy7izqrzrk75jf3not34k6sg6zvcy

[TrueBlood1]

Addresses
Genesis: f1mdk7s2vntzm6hu35yuo6vjubtrpfnb2awhgvrri
FogMeta: f1c5non5yf35avgcpsqvxu4yj54yyvxorwyjochqq

[TrueBlood1]

Addresses
FILWallet: f1qnumecdypgrbaebtkdfjnwt5ndacadcuas3deiq
ORIGIN Storage: f1q6bpjlqia6iemqbrdaxr2uehrhpvoju3qh4lpga

[kevzak]

More found:

Addresses Fei Yan - Kernelogic: f1yjhnsoga2ccnepb7t3p3ov5fzom3syhsuinxexa Genesis: f1mdk7s2vntzm6hu35yuo6vjubtrpfnb2awhgvrri

That's weird, even though showing unknown I found this one using f address: #1101 (comment)

[kevzak]

Addresses DEFIL: f1dnb3uz7sylxk6emti3ififcvu3nlufnnsjui6ea NDLABS: f1yayfsv6whu3rheviucvventj3y6t542xfpb47ei

found: https://github.com/filecoin-project/filecoin-plus-large-datasets/issues?q=is%3Aissue+f02519046

[kevzak]

Addresses Fei Yan - Kernelogic: f1yjhnsoga2ccnepb7t3p3ov5fzom3syhsuinxexa New Web Group: f1e77zuityhvvw6u2t6tb5qlnsegy2s67qs4lbbbq

found https://github.com/filecoin-project/filecoin-plus-large-datasets/issues?q=is%3Aissue+f02223359

[kevzak]

The two that do not exist are
5619
Addresses used
FILWallet: f1qnumecdypgrbaebtkdfjnwt5ndacadcuas3deiq
ORIGIN Storage: f1q6bpjlqia6iemqbrdaxr2uehrhpvoju3qh4lpga

5993
Addresses used
Tim Guo: f1yslbnnqzrjlyuxsmyxfbqcc7xthcavgpripjevi
New Huo Pool: f16karfxq7lxdy7izqrzrk75jf3not34k6sg6zvcy

cc @galen-mcandrew
thanks @TrueBlood1

[Chris00618]

More found:

Addresses Fei Yan - Kernelogic: f1yjhnsoga2ccnepb7t3p3ov5fzom3syhsuinxexa Genesis: f1mdk7s2vntzm6hu35yuo6vjubtrpfnb2awhgvrri

That's weird, even though showing unknown I found this one using f address: #1101 (comment)

That's because you're not familiar enough with the github platform, which often automatically deletes records and account information.

You should be focusing on records that clearly store junk data (like solana snapshots, etc), this time you're mistaken about what the point is again. @kevzak