A bot. A simple “quiz” check. A removable bond with Telegram account through this bot.
Description and technical analysis:
Considering the fact that we will need the users to create an a Telegram account/use already existing one to join 2 groups to keep them informed about any of the network changes and stuff, it makes sense that we can use this part as a opportunity to not make the system more complicated and continue with Telegram. We will and we must have a Telegram bot with information about FreeTON, FAQ, some useful links and so on - I think our dev team may already have something on their mind about this, but for now, more importantly, we can have another one strictly for AirDrop system or we can implement this to the main bot, if we do this way, there should be a separate “AirDrop” button.
The bot starts with basically a “Welcome!” dialogue, tells the user what he can do at the moment, asking “Would you like to receive your first tokens via our AirDrop system?”
- there’s “
Not yet” options available. If the answer is “Yes” then we continue with “Have you already signed DOD?”.
- and again, “
No”. Yes - we continue, no - we say that the user is able to sign DOD via our Telegram bot right away(it’s pretty straightforward, but I don’t really see why it should be this way) or we can give them a link to https://freeton.org/dod.
- as we continue, bot starts describing why it’s important to be in these 2 groups, well simply because it will make their life easier on keeping their eye on the changes of the network and token changes. Then the bot says "In order to continue, you will need to join our FreeTON Community and TON Crystal groups (with clickable links). We continue with “
Not yet” buttons.
- the bot checks if there’s a valid given user in both Telegram groups using Telegram API.
Then says: “You’ll get N tokens, before you’re done, you’ll need to solve this short quiz.” There’s 3 images, in one of them there’s a logo of FreeTON with graphical artifacts and stuff so the bots wouldn’t be able to solve it. User solves it and sends a number or clicks on buttons at the bottom based on the correct answer. On correct answer the bot will say: Good. Since you’re waiting for your airdrop to come for now, there’s some cool features about FreeTON: and there’s random fact or info to keep users interested about FreeTON and its benefits, EITHER we can make some fun checks, maybe as an addition to previous, such as bot asking “What do you think, what is the coolest feature of FreeTON?”, with variants "It’s fast./It’s versatile./It’s secure./Every single one of them.
You’re may be wondering now, where I got these variants with exception for the last one? It’s simple, it’s in the middle of welcoming email from FreeTON. This way we may be somewhat sure that the user has signed DOD.
Ok, but where do we get users wallet address and what’s about fake accounts protection?
Before anything explained from above is going to happen, the user must bind their Surf account to the Telegram through bot(no, it’s not 2FA based). Single bind via button. Once this bond was done, bind button replaces with Unbind. When unbind button is pressed, there’s a default message “Are you sure?”, then a further message from the bot: you’ll need to wait
7/14/30/x? days to actually remove the bind.
7/14/30/x? days timegate will prevent abusers from using many wallet accounts and receiving AirDrop tokens while having just a single Telegram account. What will prevent using many fake Telegram accounts to spam AirDrop to the same exact wallet address? So, there’s 3 things we can see when AirDrop transaction happens in the blockchain that we can check as a certain fact later:
- recipient address.
- sender address. I’m almost 100% sure that the tokens for AirDrop wouldn’t come out of nowhere, from the void, there would be a “
0:a88888888888888” address or something, or a bunch of them.
- tokens. Not their value, but tokens themselves that we can “
mark” or make them serve a some specific function.
My solution for this as I can see:
bot will check if the given wallet address has already got their AirDrop from the address “
0:a88888888888888”, using a http request to blockchain explorer for example or by addressing the blockchain directly (I’m not sure what is the best option available from these two). If he haven’t got any tokens from AirDrop wallets, then he’s able to collect them, otherwise we make a notification “You’ve already got your AirDrop tokens previously”, when it comes to Surf, it should do the check the same way, if user is going to try to send their AirDrop tokens to someone else: it would only work if the recipient never had any transactions coming from AirDrop wallets. If a Surf user tries to send their AirDrop token
combined with “regular” tokens(he got 2 TONs from AirDrop and then bought 0.01 or got them somehow and wants to send 2.01 TONs), we can prevent this by “
marking” the AirDrop tokens in some way, differentiating them from regular tokens or by making them to serve a specific function as I mentioned earlier.
Where do we get the users wallet address to send AirDrop tokens? I think there should be a way to send some information on the way to the Telegram bot with provided
deeplink. Best case is if there’s a option to send not the direct wallet address, but a method/function of the current wallet session, for example:
User runs Surf > Clicks on “AirDrop” >
Deeplink sends the user to the bot with provided session > We call
temporary session.WalletAddress() or something like that, we immediately use the address to check something/to send the tokens and then delete it from bot’s memory. At least I hope there’s a similar way to this, if not, we can ask the user for his wallet address, maybe by pressing “Share my address” button in Surf and sending it to the bot - I don’t seem to like the latter variant it as it will store the address on Telegram servers.
- Sign DOD (Via Telegram bot, Main Site, or maybe even Surf app/web variant, whatever).
- Download Surf app/use website-based version.
- Start a dialogue with Telegram bot.
- Bind a Surf account to the Telegram bot and join 2 FreeTON groups.
- Complete a short quiz check.
- Receive AirDrop.
- Develop a bot with described abilities.
- Develop a secure way of passing a wallet address to the Telegram bot(if there’s nothing alike compared to the one I mentioned).
- It’s relatively clean.
- It’s safe against bots.
- It’s safe against abusers who would stack AirDrop tokens by sending them from different fake accounts to their main wallet.
- Doesn’t completely solve the problem of trading AirDrop accounts on the real market.
We can also provide a ton of useful information on their way of receiving AirDrop on each step, especially inside the Telegram bot.
Yes, it doesn’t solve everything completely, but I can’t personally think of many ways of solving these issues without providing some of the overused things such as referral system(send 25 links to obtain tokens), more strict and just more timegating, 2FA or KYC-based verification solutions; these contain their own unique flaws. We’re always balancing on a thin rope, as making abusers lives harder also makes regular users motivation drop and became less and less valuable.
That was my solution. I hope we can make things better with what I’ve managed to suggest.