I don't personally believe I owe an explanation, as can be seen I paid out some ~400k sats.
But I will echo the point that NOSTR is not consistent. Even in the screenshot you provided of the tool, I ...
Sorry if my post offended you. My closing statements were that I don't think you were scamming us but just were overwhelmed by the lack of tooling and defenses against Sybil attacks.
Your definition of "at least 100 followers" is trivial to fake so scammers could make sure to zap themselves before anybody sees the post by generating 40 accounts with +100 followers, creating the post and the 40 boosts but publishing them late by one hour. Now others see the post, don't bother to count and boost, too - for free, as the 400ksat budget already went to the sock puppets.
You did not do that but what would be a more robust bounty? I think it has to involve follows, not only followers. Limit the campaign to follows of your follows. If an account can't be reached via one hop from your follows list, it doesn't qualify. You could of course follow your own Sybils but very simple heuristics could expose that if more devs would take the follows graph into account. If all the zapped accounts form an island in the follows graph, the scheme gets exposed. Any site supporting this type of campaign could expose this trivially.
Maybe @Tezar wants to continue work on his too 🤔 or at least share the code for others to improve upon?
Your definition of "at least 100 followers" is trivial to fake so scammers could make sure to zap themselves before anybody sees the post by generating 40 accounts with +100 followers, creating the post and the 40 boosts but publishing them late by one hour. Now others see the post, don't bother to count and boost, too - for free, as the 400ksat budget already went to the sock puppets.
You did not do that but what would be a more robust bounty? I think it has to involve follows, not only followers. Limit the campaign to follows of your follows. If an account can't be reached via one hop from your follows list, it doesn't qualify. You could of course follow your own Sybils but very simple heuristics could expose that if more devs would take the follows graph into account. If all the zapped accounts form an island in the follows graph, the scheme gets exposed. Any site supporting this type of campaign could expose this trivially.
Maybe @Tezar wants to continue work on his too 🤔 or at least share the code for others to improve upon?
