Thousands of unused Staker App smart contract wallets #365
Comments
You're too good, sir! I love this. Keep it up; I will definitely give this a push to the forum. No room for sybillers. I just followed you on Twitter, and getting to know you're one of the team building Phi, a project I love so much, really excites me more. A DAO identifying airdrop farmers, which is a vision of yours, is interesting to me, but it's painful to me that I have little to zero knowledge in coding. I really hope I can be useful in other areas. I'm in. Chatting you on Twitter soon.
Fuck me!!! 🥲 Despite reading this report and commenting a few days ago, I forgot to check and compare the addresses found here with my newly posted issue in #504. No problem, I will add more addresses from the ones I couldn't report due to timing constraints to the 430 that weren't captured here. Also, I would be glad if you @PulsarNetwork could take a look at my findings in #504 and give me some recommendations before the team checks it.
Great job
Thanks for the elaborate report. It is by far the best report we received as part of this initiative; thanks a lot for spending this effort. We were aware of Stakerapp, but didn't take the time to dig deeper. Also, as you've written before, it's most likely not the typical airdrop farming but rather unused pre-provisioned Safes. Since the SAFE allocation would be a waste, I think it's a valid report and should be considered. It's nitpicking a bit, but your list contains 4 Safes which don't just contain the swapOwner call: 3 made more than 1 tx:
1 Safe has some ETH stored:
I won't paste them all here; the complete list will be visible in the commit connected to this issue. This means a quite high reward, more in the range of the guardians program / Safe ecosystem allocation rather than the user allocation. Please use these Safe tokens wisely, and we would appreciate it if you'd become an active and vocal part of our community.
Congratulations to you @PulsarNetwork
Congrats! @PulsarNetwork
Thanks so much @tschubotz and the Safe community! Thank you for correcting the few misplaced addresses. Happy to see the tokens go to the right hands in the Safe community without being wasted. It's my pleasure to be part of the Safe community. I'll think carefully about how I will use the tokens to strengthen the community.
Related Safe Addresses
6913 addresses: https://github.com/PulsarNetwork/safe-analysis/blob/main/aggregate-66a0-df21-filtered.txt
10 samples:
Reasoning
TLDR
Staker App uses Gnosis Safe as the backbone of its smart contract wallet. It first creates Safes in batches. When a user signs up, it transfers ownership of one of those Safes to the user. Some Safes are never used by the user, so the only tx on chain is the one for the ownership transfer.
Long Story
Background
StakerApp is a smart contract wallet built for HEX users. It lets users set up a Gnosis Safe smart contract wallet and trade and stake HEX tokens. All transactions, including wallet creation, can be done without purchasing ETH to pay for gas. It is heavily integrated with Rockside, a transaction relay service, to achieve a gasless user experience.
The Rockside website dashboard is no longer accessible, but the backend services seem to be running so far. From the Rockside docs we can still get an idea of how it works. Mainly, there are two ways:
Rockside API calls user's Safe smart contract wallet to interact with dapps. doc link
Rockside API calls forwarder contract to interact with dapps. doc link
Wallet creation patterns
Because Staker App had multiple major software updates in the past, there are multiple flows for smart contract wallet (i.e. Safe) creation. We identified 4 patterns by which Staker App creates a Safe for a user. In all cases the user does not need to pay ETH for gas, but rather pays Staker App in fiat to compensate for gas.
S1: Staker Team uses Relayer to create a Safe for many different purposes: https://etherscan.io/tx/0xcd75c29ee19a66e0bd1b7691ee9252411314bf76984a984e476ba2d0933ba4f6
A1: Relayer calls Forwarder to create multiple Safes: https://etherscan.io/tx/0x146ec9289cb2d57c69100ef0dc150caf6a07826cbf2959f362060b28fda802bc
A2: Relayer calls Forwarder to transfer ownership from Manager 66a0 to user: https://etherscan.io/tx/0xa0f04be575c53de59f75856f38273d6440dcc0526f5cdc88a2edc29f59727093
B1: Relayer creates multiple Safes: https://etherscan.io/tx/0x05a790f8677825db127804ff5a3546f856a9607dee5b174c248d506f92b023fd
B2(a): Manager 66a0 transfers ownership to user: https://etherscan.io/tx/0x0108d222ace5900ce392a1c4842ae8db84f2f8b1b26885994cf0d83b9e06c73b
B2(b): Manager df21 transfers ownership to user: https://etherscan.io/tx/0xa86a7890a54c3fddcd56fd6b2bc0a0e45de6be34e7d55586651390fd95f8a337
C1: Manager 66a0 uses Team's Safe to call the Safe Multisend contract to create multiple Safes: https://etherscan.io/tx/0xdd2d6e3c9ce3a02707ad8bcd9661ade26b88ceccdcfa6612cb521a20981e9441
C2: Manager df21 transfers ownership to user: https://etherscan.io/tx/0x5a4425ab39f2dd170eb53733bfa44947c337041d16c34e9536448f36c56dc715
D1: Batch creator 5769 uses Team's Safe to create multiple Safes: https://etherscan.io/tx/0xfc0b485a5c48d87ad2afc77ca3a29fec8059c8da5ed890f966136b9e04c8ef21
D2: Manager df21 transfers ownership to user: https://etherscan.io/tx/0x8fcd0114b4e726811221dd00273df0c60b5e17535ece9bba7a7d452588cdf466
Summary of addresses
User activities
Since Staker App is designed for HEX users, many of its on-chain transactions are trades or transfers of HEX tokens, and some are mistaken for sybils, as in #331 and #166. I tend to be tolerant towards these wallets even though there is some repetitive behavior, unless we have more concrete evidence that they perform repetitive actions on a large scale.
An example tx history of a HEX user on Staker App looks like this: https://etherscan.io/address/0x2dbb38ddd7ae50b215bd0359a2793974ad545f81#tokentxns. What's interesting about this address is that it shows only one tx in the etherscan "Transactions" section (the ownership transfer), yet it has a token transfer history of trading HEX on Uniswap. This is because those token transactions (example) are initiated by the Rockside relayer calling a forwarder, and so they do not appear in the Safe's own tx history.
Meanwhile, there are many smart contract wallets created by users but never used. In that case, the only tx history (as opposed to token transfer history) is the ownership transfer, initiated by one of the manager addresses 66a0 or df21.
Therefore, we must filter out the Safes with a non-zero token transfer history to separate them from the unused Safes.
Staker App user journey
Staker App is still available at: iOS, Android. We can actually install the wallet and try it out!
I downloaded the latest iOS version. The homepage looks like this (sorry, I took this screenshot after the wallet had been created, but you get the idea). The highlighted HEX statistics are a parallel world to our known crypto space, but they are also real!
Next, I chose to create a wallet. The first two steps are the usual ones: it gave me a 24-word secret phrase and then asked me to confirm it. Then came the next step: I must purchase a smart contract wallet through the App Store.
I paid $9.99 with Apple Pay. Then it asked me to wait for the wallet creation. After a few minutes it was complete, and I could see my wallet address:
0x11D71088349a062963523E2402CE4361D3B711C2 is the wallet I created on Sep-11-2022. By "creating" the wallet I mean paying with Apple Pay and then receiving the address in the app. That is the user's perspective. From the on-chain history perspective, however, the Safe was created by Batch Creator 5769 in a tx 49 days earlier. On Sep-11-2022, Manager df21 sent a tx to the Safe to update its owners, as you can see from the tx logs: it removes Manager 66a0 from the owner list and assigns a new owner. The new owner is simply the EOA address for the secret phrase I got from StakerApp.
This is Flow D mentioned above, the latest flow. What about the other flows? We can confirm them through the shared use of Manager df21, Manager 66a0 and the StakerApp Team Safe 58a0. All of them have been in use since the app's early days.
Even better, we can cross-validate the on-chain tx history with StakerApp's development history available on social channels. Here comes our final on-chain archaeology section. We'll get to know the entire life of StakerApp through a series of hints.
Timeline analysis
Last page of Team Safe tx history
Conclusion
We are finally able to reconstruct the full picture with on-chain analysis, app user testing and social media validation. There has been a lot of confusion over the Safes created by relayers and triggered by some centralized EOAs. I hope this analysis answers people's questions, and most importantly, we are very confident in saying that Safes with only 1 incoming tx from 66a0 or df21 to configure the owner, and without any token tx, are unused StakerApp wallets.
Methodology
I already found the Safes with only 1 tx from 66a0 and df21 in #301 and #237. Combining them, there are 7421 addresses: https://github.com/PulsarNetwork/safe-analysis/blob/main/aggregate-66a0-df21-raw.txt
Then, I ran this script to filter out the addresses with token transfer history. In the end, 6913 addresses remained in the list. These are the final results.
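As an added illustration of this filter (an example written for this page, not the reporter's linked script), the Python below applies the report's criteria, plus the maintainer's caveat about Safes that made extra txs or hold ETH, to a constructed set of Safe records; the manager addresses and every Safe address in it are placeholders, since the page only abbreviates the managers as 66a0 and df21, and the "method" field stands for the decoded method name a block explorer shows for a tx.

```python
from dataclasses import dataclass, field

# Placeholders for the two StakerApp manager EOAs that the report only
# abbreviates as 66a0 and df21 (constructed, not the real addresses).
MANAGERS = {"0x" + "0" * 36 + "66a0", "0x" + "0" * 36 + "df21"}


@dataclass
class SafeRecord:
    """Minimal view of one Safe, as a block explorer would summarise it."""
    address: str
    normal_txs: list = field(default_factory=list)  # (sender, method) pairs
    token_transfers: int = 0                         # ERC-20 transfer count
    eth_balance_wei: int = 0


def is_unused_staker_safe(rec: SafeRecord) -> bool:
    """True only if the Safe matches the report's 'unused' pattern exactly."""
    if len(rec.normal_txs) != 1:
        return False  # several txs: the owner did something with it
    sender, method = rec.normal_txs[0]
    if sender.lower() not in MANAGERS or method != "swapOwner":
        return False  # not the single owner hand-over from a manager
    if rec.token_transfers:
        return False  # HEX/Uniswap activity relayed through the forwarder
    if rec.eth_balance_wei:
        return False  # maintainer's caveat: a funded Safe is not unused
    return True


def filter_unused(records):
    """Return the sorted addresses that pass the filter."""
    return sorted(r.address for r in records if is_unused_staker_safe(r))


# Constructed sample Safes (not real addresses); M66/MDF are the placeholders.
M66, MDF = sorted(MANAGERS)  # '...66a0' sorts before '...df21'
SAMPLE = [
    SafeRecord("0x" + "1" * 40, [(M66, "swapOwner")]),                 # unused
    SafeRecord("0x" + "2" * 40, [(MDF, "swapOwner")], token_transfers=12),
    SafeRecord("0x" + "3" * 40, [(MDF, "swapOwner"), (MDF, "execTransaction")]),
    SafeRecord("0x" + "4" * 40, [(MDF, "swapOwner")], eth_balance_wei=10**16),
    SafeRecord("0x" + "5" * 40, [("0x" + "9" * 40, "swapOwner")]),     # other EOA
]

if __name__ == "__main__":
    print(filter_unused(SAMPLE))
```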
Safe Address
0x984129b1C8D6048DF516D81f730475AF7D0E4223
Hope you like this report. Thank you for your time reading this!