No funded issue found.
Check out the Issue Explorer
Be the OSS Funding you wish to see in the world.
Looking to fund some work? You can submit a new Funded Issue here .
Time left
Opened
Issue Type
Workers Auto Approve
Project Type
Time Commitment
Experience Level
Permissions
Accepted
Reserved For
PoC for resource-bound bot prevention (fraud resistance)
adexnetwork
proof-of-work, hashing, webgl, bots, security
## Prize title
PoC for resource-bound bot prevention (fraud resistance)
## Prize Bounty
777 DAI
## Challenge Description
### Problem
Online advertising is plagued by all types of fraud. One of the most prominent types is bot traffic and/or [click fraud](https://en.wikipedia.org/wiki/Click_fraud).
Simple methods of estimating user uniquiness such as using an IP do work, but are ultimately unsound because (1) users can share a single IP and (2) multiple IPs can be bought/rented through proxy networks.
The main problem we want to address here is that: despite the validator [limits](https://github.com/AdExNetwork/adex-validator/blob/master/services/sentry/lib/access.js), if you have a sufficiently large pool of IPs, you can keep POST-ing IMPRESSION/CLICK events, and they will be recorded.
**For background on AdEx, see [AdEx protocol](http://github.com/adexnetwork/adex-protocol). Please read this before starting work, it will give you essential context on how to build the solution.**
### Solution
It's fundamentally impossible to distinct bot traffic from human traffic (without methods that compromise privacy, such as KYC), but it is possible to make bot attacks more expensive without impacting UX for end users.
Initially, a property in `campaignSpec` will be added to enable the mechanism. When enabled, the validators would check for a PoW solution upon each `postEvents` (implemented in Sentry's `access` lib). It should work alongside the limiting mechanisms already present in the `access` lib (IP rate limiting).
What will be submitted is a `salt` and a `hash`. The hash must be a solution to some configurable difficulty, and the preimage must be `(salt, publisherAddr, eventType, timeFrame, IP)`. This way, you can't reuse solutions for different IPs/timeframes./publishers.
**The solution would be computed in the AdView using WebGL, leveraging GPU parallelism as much as possible, to prevent CPU-only servers being efficient.**
Furthermore, there could be a minimum size for the salt parameter because most residential IP proxy services are priced by data (e.g. 15$ per GB that's 50k impressions, so 20KB per impression.
The ultimate goal is to make bot-based fake traffic much more expensive, therefore rendering them economically unviable.
### PoW algorithm
It has to be decided what PoW algorithm will be used.
Essentially it boils down to: identify a hash/PoW algo that would be efficient on a GPU but inefficient on CPUs and can be implemented in WebGL, and then implement it.
ProgPOW or RandomX may be a good fit for this.
## Submission Requirements
Develop a proof-of-work library that is more efficient to run on the GPU through WebGL than on a single DigitalOcean CPU core (General Purpose droplet).
Apply it in the AdEx stack by submitting relevant PRs to the AdView and the Validator. Make in an optional feature triggered by a flag in `campaignSpec` and verified in the validator's `access` library.
A PR must be made to the following repositories:
* [AdView manager](https://github.com/adexnetwork/adex-adview-manager): add the algorithm that calculates the PoW solution here
* [AdEx validator](https://github.com/adexnetwork/adex-validator): add the algorithm to verify the solution here.
## Submission Deadline
30/03/2020
## Judging Criteria
Because of the complexity of the task, each submitted solution will be looked at individually to judge it's potential to prevent bot-based ad fraud.
The solution must be more efficient on a GPU through WebGL than on a CPU natively, and must be able to be computed in the browser without blocking the page.
## Winner Announcement Date
15/04/2020
Setup your profile
Tell us a little about you:
Skills
No results found for [[search]] .
Type to search skills..
Bio Required
[[totalcharacter]] / 240
Are you currently looking for work?
[[ option.string ]]
Next
Setup your profile
Our tools are based on the principles of earn (๐ฐ), learn (๐), and meet (๐ฌ).
Select the ones you are interested in. You can change it later in your settings.
I'm also an organization manager looking for a great community.
Back
Next
Save
Enable your organization profile
Gitcoin products can help grow community around your brand. Create your tribe, events, and incentivize your community with bounties. Announce new and upcoming events using townsquare. Find top-quality hackers and fund them to work with you on a grant.
These are the organizations you own. If you don't see your organization here please be sure that information is public on your GitHub profile. Gitcoin will sync this information for you.
Select the products you are interested in:
Out of the box you will receive Tribes Lite for your organization. Please provide us with a contact email:
Email
Back
Save
