F@h Faucet — Alpha 0.1 Testing

So how will one of the distribution methods work?

Published in

Tangram

5 min readJun 10, 2018

To solve the faucet you have to run a Folding@home work unit (WU). While the folding@home WU is running you are required to solve periodic captcha checkpoints.

ONE folding@home work unit (WU) = 30 mins on average hardware).

Periodic captcha checks are implemented during folding@home WU’s (reduced for testing to 15 mins to solve all captchas)

What is Folding@home?

Folding@home (FAH or F@h) is a distributed computing project for disease research that simulates protein folding, computational drug design, and other types of molecular dynamics. The project uses the idle processing resources of thousands of personal computers owned by volunteers who have installed the software on their systems— Wikipedia

Why use captcha checkpoints?

We want to ensure fairness and ultimately reduce any advantages available to bots in solving the faucet. Expensive computers with high end CPU’s are able to solve the f@h WU’s faster than other computers. This is simply unfair. With that in mind, our faucet is designed in a way that high-performance hardware may not solve the faucet faster than normal hardware. This is achieved by using periodic captcha checkpoints that are at equal intervals for everyone — regardless of whether the f@h WU is completed early or not. The minimum amount of time for a completed WU will be set based on completion times for average hardware (e.g. 30 minutes) and applied to ALL WU units completed no matter what type of system specs a user has.

Why Captchas + F@H instead of only Captchas?

We want to support a good cause. The F@h unit allows us to facilitate our distribution along with contributing to a scientific project that extends beyond our own community, as opposed to senseless captcha solving.

We want to prevent ‘faucet farming’. With the folding@home WU it is not possible to run a lot of faucets at the same time because your CPU load will get to high, which may crash your computer and result in a incomplete WU.

Professional faucet farmers have to take electricity costs in consideration.

Are the captchas too hard to solve?

We want to prevent people from using AI (deep learning systems) to automate captcha solving. With some practice the captchas are relatively easy for humans to solve.

Why don’t you reward per captcha solve (and separate captcha solving from the F@h WU)?

If a reward per solved captcha is given a professional captcha farmer does not have to account for electricity costs for the F@h WU. The result of a reward per solved captcha would likely lead to the use of automated captcha solving systems (e.g. deep learning) that will solve captchas 24/7 to receive the rewards (regardless of whether the reward per captcha is much smaller than the reward per solved f@h WU)

N.B — Last 2 points are under discussion and consideration.

Once you’ve started folding, take a look at the Tangram team statistics here: https://stats.foldingathome.org/team/234346

We’re calling on our community to help identify vulnerabilities in the F@H Faucet. Earn rewards for finding a vulnerability.

Rules & Rewards

Please see below before moving forward on identifying vulnerabilities

Issues that have already been submitted by another user or are already known to the Tangram community are not eligible.
Public disclosure of a vulnerability makes it ineligible.
Tangram’s core team, community managers and individuals who have had direct / indirect access to the faucet codebase are ineligible to submit any vulnerabilities.
Vulnerabilities submitted are considered by a number of variables in determining the reward. Determinations of eligibility, score and all terms related to an award are at the sole and final discretion of the Tangram vulnerability panel and may be further discussed with the Tangram community.

The value of the vulnerability will vary depending on Severity. The severity is calculated according to the OWASP risk rating model based on Impact and Likelihood (see below):

Reward sizes are guided by the rules below, but are in the end, determined at the sole discretion of the Tangram vulnerability panel.

Critical: up to 10 000 SNK
High: up to 5000 SNK
Medium: up to 2000 SNK
Low: up to 1000 SNK
Note: up to 500 SNK

Submit your vulnerability here: https://goo.gl/forms/ai3XsvJFNUizEI203

Important Information

The Tangram Faucet vulnerability testing program is an experimental and discretionary program for our active Tangram community members to encourage and reward those who are helping to improve the Tangram distribution method(s). It is not a competition. You should know that we can cancel the program at any time, and awards are at the sole discretion of Tangram vulnerability panel. Finally, your testing must not violate any law or compromise any data that is not yours.

References

If you have any further questions you may either submit them to info@getsneak.org or join the community Discord — https://discord.gg/Acf9vh

FAQ

Why haven’t I received any SNK through the faucet testing?

It can take between 1–3 hours in order for the F@h WU to be processed. You can either be notified by email when it completes or F@h will provide a link to View status. Example— https://stats.foldingathome.org/donor/sneak_coin_120089e8b0c8f (however you may receive a “Not Found” if this is the case F@h is processing the WU).

Will the required time to solve all captcha checkpoints remain at 15 mins?

No, this will be increased to 30 mins during faucet distribution, to increase fairness.