Test thread

Are you sure about the direction of the txs?

There are some nodes earning to this address it seems

Or does the faucet use a different hot wallet now?

We already throttle per address.
It’s possible to give one time keys to gateway people. If they were so inclined.

1 Like

yeah, the faucet has a different hot wallet now.

I was counting the number of wallets in the database.

2 Likes

i could potentially tie individual wallet addresses to an ip address, but no more than 10% came from the same ip address and most came from unique.

i could write a tool that reports if someone that took a drip eventually uploaded a file or just transferred the funds to a shared wallet/mixer

but there is no way i know to tell what addresses are associated with the seed phrase.

1 Like

so to give a social grant, there are a few options. not mutually exclusive.

  • give a password protected interface to a community leader/mod (this could optionally bypass the rate limit)
  • generate preauthorized tokens that can be given out (this could be used for promotions as well)

2 Likes

This is probably the better way.

I think it will come down to people asking a person, the people in control of the funds. The mods prob would not want to be responsible for anything like that

3 Likes

yeah, didn’t think you’d volunteer for that duty.

lol

3 Likes

oh, i can tell the status of the results of each attempt, because the byte count for each type of response is fixed

2 Likes

Some thoughts, given that faucets are / will / can be abused.

Maybe put a key in a forum topic that only a user who’s registered and done a post or two can see? You would assume a valid actor would register with the community and ask some basic questions.

Another popular one is to check L1 for some ETH balance.

Another one is to insert a 48hr delay on the payment, following the request and queue the drip, gives time to spot a drain attack, and abort transaction.

Rate Limit is a tricky one, given where we are today, maybe a maximum of 5 drips an hour or 20 in a 24 hour period, with maybe an option to top-up your wallet after 7 days, I guess the ETH isn’t going to go far.

I wouldn’t rely too heavily on the IP address, or the uniqueness of an ERC-20 Public key alone, as they can be scripted and rotated on bots, which will just spam your web endpoint to drain $1 worth of ETH, sad isn’t it…

I like the Captcha, I keep getting cats :cat2:

I’m happy to put in a pull request, but wasn’t sure if this was related to your finals? good luck :crossed_fingers: didn’t want to overcomplicate what you have.

Jad

5 Likes

I’ve been in a cybersecurity and AI course for the last year, it didn’t cover as much as i hoped but I’m glad to be finishing.

A static key won’t work, once you have it you can just drain again.

I was trying not to check for L1 eth as that defeats new users who might not want to KYC.

A delay is an idea, but complicates issuing a little as now it needs a cron to check for drips to release.

I could extend the ability to have a refresh drip, though that sounds more likely when we get to the native token and are not giving away ETH.

i don’t rely on ip address. and i knew the risk of easily created wallets, that’s why the captcha and rate limit were done early on.

Please issue pull requests, i just won’t get to them until i finish my last lab and the final.

I might turn off the faucet temporarily if it’s getting drained in the morning, just to give time to strategize.

3 Likes

Do you want to tie it to a forum account? Not as keep it, but you could use the forum.

You can take the user ID and grab their user info which includes how long they have been on the forum. You can also create a topic for this.

  • They give their forum name.
  • you check the user using the forum and see if they have been a member for a certain time or more. Say 7 days to stop cycling and bots.
  • the faucet gives a one time code.
  • They then have to post that one time code in the topic
  • They then go back to the faucet and enter the link they have to copy (using the chain button)
  • the faucet checks the URL to make sure it's a valid topic/post reference. Then grabs the post using the URL and if the userID and one time code matches then they get the drip.

This way it takes time for them to do this. It validates it's a real user and they actually have that account since they can post under the correct name.

5 Likes
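The forum-verified drip flow from the post above, sketched as an added example (not part of the original post and not the faucet's own code). The forum host, topic id, `/t/<slug>/<topic>/<post>` link shape and the `fetch_user` / `fetch_post` lookups are all assumptions standing in for the real forum API.

```python
import hmac
import re
import secrets
from datetime import timedelta
from urllib.parse import urlsplit

FORUM_HOST = "forum.example.org"      # assumption: placeholder forum host
FAUCET_TOPIC_ID = 4242                # assumption: id of the dedicated faucet topic
MIN_ACCOUNT_AGE = timedelta(days=7)   # "Say 7 days to stop cycling and bots"
POST_PATH = re.compile(r"/t/[a-z0-9-]+/(\d+)/(\d+)")  # assumed link shape

def parse_post_ref(url):
    """Return (topic_id, post_no) for a link into the faucet topic, else None."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    match = POST_PATH.fullmatch(parts.path)
    if parts.scheme != "https" or parts.netloc != FORUM_HOST or not match:
        return None
    topic_id, post_no = int(match.group(1)), int(match.group(2))
    return (topic_id, post_no) if topic_id == FAUCET_TOPIC_ID else None

class ForumGate:
    def __init__(self, fetch_user, fetch_post):
        self.fetch_user = fetch_user   # username -> {"created_at": datetime} or None
        self.fetch_post = fetch_post   # (topic_id, post_no) -> {"username", "raw"} or None
        self.pending = {}              # username -> outstanding one-time code

    def issue_code(self, username, now):
        """Hand out a one-time code only to accounts older than the minimum age."""
        user = self.fetch_user(username)
        if user is None or now - user["created_at"] < MIN_ACCOUNT_AGE:
            return None
        code = secrets.token_urlsafe(16)
        self.pending[username] = code
        return code

    def redeem(self, username, url):
        """True once if the linked post is by `username` and contains only the code."""
        ref = parse_post_ref(url)
        code = self.pending.get(username)
        if ref is None or code is None:
            return False
        post = self.fetch_post(*ref)   # looked up by parsed ids, never by the raw URL
        ok = (post is not None and post["username"] == username and
              hmac.compare_digest(post["raw"].strip().encode(), code.encode()))
        if ok:
            del self.pending[username]  # single use: a second redeem fails
        return ok
```

Because the faucet rebuilds the lookup from the parsed topic and post numbers, a submitted link can never make the server fetch an arbitrary address.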

The faucet should be such that it would just pay on behalf of some uploader, ie the ants and eth would never be directly accessible.
But that would require support from the network for such operation.

2 Likes

Indeed but KISS.

What am I missing by limiting payouts to one wallet every 72 hours and no more than say 20 payouts per hour overall?
Anybody who needs more than that for genuine app development can ask nicely in the forum.

I’ve paused the faucet for the day while I finish my schoolwork.

Southside, but those are higher drip rates than we currently allow?

At first blush, I’m concerned about tying the faucet to a forum post. The longer the thread grows, the more work the faucet has to do.

I had considered tying it to forum account, but I’m concerned that just moves the rate limit problem to the forum. It’s a possible solution though.

Obviously anyone can ask for funds in the forum, it just sucks that we can’t have a faster response time for a request.

I’ll give it some more thought. It looks like we’re going to have to lose privacy for the faucet.

1 Like

Shit happens

its just a wee toley, no a steaming big jobby.

on a side note. How are you including the portion of my reply in your post?

It’d probably help me communicate more clearly.

Highlight and choose “Quote”

I haven’t figured out how to create archives in the python API yet, so I can’t make a Dave like app that uploads the data for you.

Plus, due to the potential for a different kind of abuse, my little server isn’t prepared to accept a bunch of large files that are waiting to submit.

Finally, I don’t think this feature helps as directly as we want. (ie: testing Dave, api and cli tools).

We’ll need to solve this with more user friction.

1 Like

Awesome. Thank you

2 Likes