Feedback needed: How to stop exploits in the upcoming quiz?

Hello Shiners,

Recently we launched our bridge to Matic (you can read about it here - Shine bridge to Matic is live!. Hello Shiners, | by ShineDAO | Sep, 2021 | Medium)

And because gas fees are much cheaper there it gives us a lot of room to experiment with different activities on chain. One of the first activities would be the quiz game where you can guess the answer to the question and collect your reward if you guessed correctly.

However, there is one challenge with this idea and that is: how do we solve the identity problem with the participants, meaning that we don’t have same users doing the quiz multiple times (and even creating a script) which extracts all the rewards from the pool?

Please give me your thoughts on this if you have any ideas out there.

4 Likes

Is there a way to make a dashboard where a user (once authenticated through new contributor registration) is able to access the quiz?

Perhaps it can be isolated to the user going alllllllllllll the way through onboarding
(to attend a community call? / with exception for participation and considering time differecnces)

  • What if there’s a time limit to how often anyone can take each quizzes?

I loved onboarding and I wonder if the quizzes can be created in the same manner and be associated somehow to onboarding process you have already created.

1 Like

This made me think of some kind of “contributor refer” where the referring user had contributed to some community task meaningfully (like some kind of social cred system, maybe source cred can be used somehow?) Just spit balling. Maybe too gatekeepy? idk.

I’ve seen several projects use BrightID or something similar to help with the integrity of their faucets. Some other cool ideas that’s been in my head for this exact thing:

  • Utilizing POAPs (or any NFT that is rewarded after a meeting, introduction, or participation in something) as proof. If the onboarding wallet doesn’t hold a single POAP then defer to manual interview (or delay until they obtain a POAP and have them re-apply).
  • Analyze wallet transactions, movements, and history to detect obvious bot activity (higher level, requires knowledgeable dev, possibly entering the AI/ML field… would be a pretty big project, maybe something that can even become a project in itself)
  • Implement strict anti-VPN and proxy measures on the page itself (not a huge fan of this as I am on a VPN 24/7 and it can be bypassed by those who are really really determined)

I see that SourceCred is in the pipeline, nice! Could definitely utilize SC as a tool as well.

2 Likes

interesting thoughts @LPX
I think some variant of your first suggestion is the way we will go. Right now we have the onboarding flow and maybe you can only do the quizz if you are successfully onboarded. Additionally we might have some additional waiting time that needs to pass since the onboarding