If we only have authentication for wallet accounts, malicious users can construct multiple accounts through one wallet to participate in the airdrop hack game. But the number of assists per day or every period of time is limited, which doesn't seem to matter because what we need is user activity and more account addresses to participate in the airdrop slash activity
如果我们只有钱包账户的认证,那么恶意用户可以通过一个钱包构造多个账户来参与空投砍一刀的游戏。但每天或者每一段时间的助力次数是有限的,这看起来也没关系,因为我们需要的就是用户活跃度,需要的就是有更多的账户地址参与到空投砍一刀的活动中来
If we add user authentication for other centralized systems, it can alleviate the occurrence of such attacks, such as adding GitHub single sign on authentication, which incurs costs for attackers to create Git accounts.
如果我们增加其他中心化系统的用户认证则可以减轻这种攻击的发生,例如增加github单点登录认证,攻击者创建git账户是需要成本的。
Alternatively, we can add some restrictions to an airdrop pool after a certain amount has been stolen, such as requiring users who have traded once to assist (i.e. users with a nonce value greater than or equal to 1 can assist)
又或者我们可以在一份空投池在被抢掉一定数量之后,增加一些限制,例如必须是交易过一次的用户才能助力(也就是nonce 值为大于等于1的用户才能助力)
If we only have authentication for wallet accounts, malicious users can construct multiple accounts through one wallet to participate in the airdrop hack game. But the number of assists per day or every period of time is limited, which doesn't seem to matter because what we need is user activity and more account addresses to participate in the airdrop slash activity
如果我们只有钱包账户的认证,那么恶意用户可以通过一个钱包构造多个账户来参与空投砍一刀的游戏。但每天或者每一段时间的助力次数是有限的,这看起来也没关系,因为我们需要的就是用户活跃度,需要的就是有更多的账户地址参与到空投砍一刀的活动中来
If we add user authentication for other centralized systems, it can alleviate the occurrence of such attacks, such as adding GitHub single sign on authentication, which incurs costs for attackers to create Git accounts.
如果我们增加其他中心化系统的用户认证则可以减轻这种攻击的发生,例如增加github单点登录认证,攻击者创建git账户是需要成本的。
Alternatively, we can add some restrictions to an airdrop pool after a certain amount has been stolen, such as requiring users who have traded once to assist (i.e. users with a nonce value greater than or equal to 1 can assist)
又或者我们可以在一份空投池在被抢掉一定数量之后,增加一些限制,例如必须是交易过一次的用户才能助力(也就是nonce 值为大于等于1的用户才能助力)