generated from proofoftom/buidler-waffle-typechain-quasar
Attack Vector Taxonomy
Kirill Goncharov edited this page Jun 23, 2020 · 7 revisions
This page lists all* the known attack vectors of a fully trust-minimized clr.fund, with the purpose of deciding which to address vs. which to circumvent via trusted mechanisms for the MVP and each subsequent phase.

*This is a work in progress -- please add attack vectors that are missing.

Attack Vector | Attack Objective | BrightId | MACI | Pre-select recipients | Mitigation 4 | Mitigation 5 |
---|---|---|---|---|---|---|
Making contributions to a given recipient from fake (aka sybil) accounts | Unfair share of matching funds | | | | | |
Bribing individuals to contribute to a given recipient | Unfair share of matching funds | | | | | |
Fill up the recipient list for a given round so that you are the only one who can receive funds | Unfair share of matching funds | | | | | |
Fill up the message tree with spam to prevent others from sending messages | DOS / griefing | | | | | |
Fill up the user tree to prevent others from contributing | DOS / griefing | | | | | |
Fill up the recipient list with spam to prevent others from signing up as recipients | DOS / griefing | | | | | |
Impersonate a project you don't own | Unfair share of matching funds | | | | | |
Buy the contributor's private key | Unfair share of matching funds | | | | | |
attack vector | objective | | | | | |