Sybil Attack
Sybil attack in Web3 environment
A Sybil attack is a type of attack on a network service in which an attacker gains disproportionate influence by creating multiple pseudonymous identities. The attacker can act as if they were many separate users.
How vulnerable a system is to a Sybil attack depends on how easily a new identity can be generated, which means the Web3 ecosystem is strongly exposed to this danger. In Web3, most accounts are anonymous and users can cheaply create as many new identities as they want.
A Sybil attack can happen very easily in QV. By creating multiple anonymous accounts, a few voters with bad intentions can gain disproportionately large influence.
QV suppresses the concentration of power by sharply increasing the cost of each additional vote. However, a user can split their funds across several accounts and pay linearly, as in one dollar one vote (the same amount of money per vote).
If someone wants to buy 10 votes with one account, they must pay . However, after making 3 more accounts (4 accounts in total) and spending 25 from each, the person can exercise more voting power () without additional cost. With 99 more accounts (100 accounts in total) and 1 spent from each, it is the same as one dollar one vote.
To mitigate Sybil attacks on QV, the creation of multiple accounts by one person should be prevented, but it is quite difficult to detect and block such actions on a blockchain.
“Since QF weights the number of donations more than total donated, the malicious projects will receive more matched funds” (Gitcoin)
Gitcoin, which funds Web3 projects through Quadratic Funding (which is based on QV), has also recognized the danger of Sybil attacks.
Gitcoin chose to increase the cost of an attack by making identity verification complicated. By forcing attackers to put a lot of effort into verifying each identity, it minimizes the motive to attack.
However, this does not fundamentally prevent Sybil attacks. It also introduces a centralization problem, because identity verification is processed outside the blockchain.
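The account-splitting arithmetic above and the effect of a per-identity cost can be worked through in a short model. This is an added example, not code from D3LAB or Gitcoin; it assumes the standard QV rule that n votes cost n² credits, whole votes only, and a hypothetical flat `identity_cost` charged for every identity beyond the first.

```python
import math


def qv_cost(votes: int) -> int:
    """Credits a single account pays for `votes` votes under QV (votes squared)."""
    return votes * votes


def split_votes(budget: int, accounts: int, identity_cost: int = 0) -> int:
    """Total votes when `budget` is divided evenly over `accounts` identities.

    identity_cost is an assumed parameter: credits consumed by each extra identity.
    """
    spendable = budget - identity_cost * (accounts - 1)
    if accounts < 1 or spendable <= 0:
        return 0
    per_account = spendable // accounts
    # Each account can afford floor(sqrt(credits)) whole votes.
    return accounts * math.isqrt(per_account)


def best_split(budget: int, identity_cost: int = 0) -> tuple[int, int]:
    """(accounts, votes) yielding the most votes; ties go to the fewest accounts."""
    n = max(range(1, budget + 1),
            key=lambda k: split_votes(budget, k, identity_cost))
    return n, split_votes(budget, n, identity_cost)


def deterrent_identity_cost(budget: int) -> int:
    """Smallest per-identity cost at which splitting no longer beats one account."""
    single = split_votes(budget, 1)
    for cost in range(budget + 1):
        if best_split(budget, cost)[1] <= single:
            return cost
    return budget


if __name__ == "__main__":
    budget = 100  # same total budget as the example in the text
    for n in (1, 4, 100):
        print(f"{n:>3} account(s): {split_votes(budget, n)} votes")
    for cost in (0, 5, 50):
        accounts, votes = best_split(budget, cost)
        print(f"identity cost {cost:>2}: best is {accounts} account(s), {votes} votes")
    print("cost that removes the gain:", deterrent_identity_cost(budget))
```

With a zero identity cost the voting power grows with every extra account, while a sufficiently high per-identity cost leaves a single account as the best choice for this budget.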
A solution that goes beyond relying on third parties to verify identity centrally is needed. The most reasonable approach is to make a Sybil attack so inefficient that attackers voluntarily refrain from it.
D3LAB proposes a new voting method, PQV, which leads voters to voluntarily avoid Sybil attacks.