Flag "echo" transfers as imitations #2026
Conversation
| const chain = chainBuilder().build(); | ||
| const safe = safeBuilder().build(); |
There was a problem hiding this comment.
Nit: we could move these const to the line 61 (right after const echoLimit = BigInt(10);), so we have all in one place, wdyt?
| return ( | ||
| this.isSpoofedEvent(txInfo, prevTxInfo) || | ||
| this.isEchoImitation(txInfo, prevTxInfo) | ||
| ); |
There was a problem hiding this comment.
(This is more a general comment, no directly related to the PR code, and I think it's out of the scope)
As this TransferImitationMapper gets more complex, it is likely getting more computationally expensive. I think it's fine for now, but given this mapper is applied to each group of transactions, and if I'm not wrong it's deterministic, it'd be great to somehow cache/memoize whether a given transaction is an imitation one. Wdyt?
There was a problem hiding this comment.
I agree - we should look into caching the mapped entities (potentially across the project). I've noted it down for discussion.
Summary
Resolves #2025
An address poisoning vector we don't flag are incoming transfers of the same asset sent of minimal value, or "echoes". When sending a large amount of an asset, it is common to receive a low value of the same asset from a malicious actor in the hopes you copy their address and send to them instead.
This adds new logic to flag such transactions. If the receipt of a token occurs after it being sent, under a defined limit, it is deemed an "echo" and flagges as such.
Changes
mappings.imitation.echoLimitvalue