When the round 9 attack happened, she did some of the data analysis on contributions only using contribution graphs.
She looked at: repeating, cancelled, amounts, patterns, & relations.
A few people made extremely large numbers of contributions, including 1 user with 1,000 donations. Half of these went to Etherdrops.
Contribution data is good for community gov because it is on site publicly anyway! We should make it easier for the community to get this data.
Half of the bad contributors' donations went to the Gitcoin grant because they were trying to establish legitimacy.
How much do they earn and how much do they lose? We need to understand which are the profitable patterns.
If you catch a suspicious grant & contributor, then you can see which other grants are probably bad. Same with contributors. This is due to the nature of the graphs.
When we catch them, they need to contribute to more legit grants, thus raising the amount they need to give to legit grants.
Cost of gas + Amount donated to legit grants MUST BE HIGHER THAN the amount of matching attracted to bad grants.
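The graph reasoning and the cost inequality above, as an added example that is not from the talk or from Gitcoin's own tooling: starting from one flagged grant, score the other grants by the share of their contributors who also backed the flagged one, then compute whether the attack pays. The records, the matching payouts and the gas price are constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample records (contributor, grant, amount); not real round data.
CONTRIBUTIONS = [
    ("sybil1", "bad_A", 1.0), ("sybil1", "bad_B", 1.0), ("sybil1", "legit", 1.0),
    ("sybil2", "bad_A", 1.0), ("sybil2", "bad_B", 1.0), ("sybil2", "legit", 1.0),
    ("alice", "legit", 5.0), ("bob", "legit", 10.0),
    ("carol", "legit", 3.0), ("carol", "other", 2.0),
]

def suspects_of(contributions, flagged_grants):
    """Contributors who donated to any grant already flagged as bad."""
    return {c for c, g, _ in contributions if g in flagged_grants}

def grant_scores(contributions, flagged_grants):
    """Share of each unflagged grant's distinct contributors who are suspects."""
    suspects = suspects_of(contributions, flagged_grants)
    backers = defaultdict(set)
    for contributor, grant, _ in contributions:
        backers[grant].add(contributor)
    return {g: len(b & suspects) / len(b)
            for g, b in backers.items() if g not in flagged_grants}

def attack_margin(contributions, suspects, bad_grants, gas_per_tx, matching):
    """Matching won by bad grants minus (gas + donations to other grants).

    Donations to the bad grants are not counted as a cost, following the
    inequality in the notes. A negative margin means the attack loses money.
    """
    txs = [(g, amt) for c, g, amt in contributions if c in suspects]
    gas = gas_per_tx * len(txs)
    cover = sum(amt for g, amt in txs if g not in bad_grants)
    won = sum(matching.get(g, 0.0) for g in bad_grants)
    return won - (gas + cover)

if __name__ == "__main__":
    scores = grant_scores(CONTRIBUTIONS, {"bad_A"})
    for grant, score in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{grant}: {score:.2f}")
    sybils = suspects_of(CONTRIBUTIONS, {"bad_A"})
    matching = {"bad_A": 4.0, "bad_B": 4.0}  # assumed matching payouts
    print(attack_margin(CONTRIBUTIONS, sybils, {"bad_A", "bad_B"}, 0.5, matching))
```

The legit grant scores above zero because the suspects also donated to it for cover, so a score is a lead to review, not a verdict.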
Using rollups wasn't a strategy last time.
We are always responding to the last round. They start new behaviors, then we see what they are and respond. When we come up with sophisticated solutions, they will create more sophisticated attacks.