🛡️ Fraud Prevention
Fuul includes multiple layers of protection to ensure that only legitimate users receive rewards, safeguarding your budget from sybil attacks, self-referrals, and other abuse.
Sybil detection
A sybil attack occurs when someone creates multiple fake identities (wallets) to exploit your rewards system: claiming airdrops, manipulating staking rewards, or inflating referral counts with fake accounts.
Fuul uses machine learning and behavioral analysis to detect and prevent these attacks:
Behavioral cluster detection: ML model analyzing 30+ onchain behavior signals (funding sources, transaction patterns, timing) to identify wallets likely operated by the same user
Self-referral detection: Detects when a referrer and end user share the same browser session (tracking ID), indicating the user referred themselves
Bot activity detection: Analyzes frontend and onchain data to identify automated software
Payout caps: Limit the maximum rewards a single account can earn within a time window (e.g., monthly caps)
Continuous monitoring: Real-time adaptation based on evolving patterns, with detailed reporting on flagged accounts
What happens when fraud is detected?
When fraud is identified in the referral attribution pipeline:
The referrer payout is blocked: the fraudulent referrer does not receive rewards
The end user still receives their payout: legitimate user activity is not penalized
The attribution is flagged for visibility in the dashboard
Self-referral detection is always enabled for all projects. Other fraud detection features can be configured per project.
Blacklist
Projects can maintain a blacklist of addresses that should be excluded from earning any rewards. When a blacklisted address triggers an event, the execution is automatically rejected: no attribution or payout is created.
Project-scoped: Each project manages its own blacklist. An address blacklisted by one project can still earn rewards in another.
Immediate effect: Once an address is added, all subsequent trigger executions for that address are rejected
Managed via webapp: Add or remove addresses with optional labels for identification
Removing an address from the blacklist does not retroactively approve previously rejected executions. Only future activity is affected.
Wallet screening
Wallet screening checks whether a wallet address is allowed to receive payouts at the time rewards are distributed. This is a system-level compliance check separate from the project blacklist.
Runs at movement creation: Screening happens when a payout is converted into a movement (the final distribution step)
Rejected movements are recorded: Blocked wallets still have their movements persisted for audit purposes, with status = rejected
Fail-open behavior: If the screening service encounters an error, the wallet is allowed through, preventing legitimate wallets from being blocked by service issues
Wallet screening is separate from the blacklist: the blacklist is managed by each project for their own needs, while wallet screening is a platform-level compliance mechanism.
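The three decision points described above (project blacklist at trigger time, self-referral handling in attribution, and fail-open wallet screening at movement creation) can be modeled as follows. This is an added example, not Fuul's code or API: every function, field and status name other than status = rejected is an assumption, and the wallets and tracking IDs are constructed.

```python
# Added illustration: a toy model of the decision points on this page.
# Every name, field and status other than "rejected" is an assumption.
from dataclasses import dataclass, field

@dataclass
class Project:
    blacklist: set = field(default_factory=set)    # project-scoped
    movements: list = field(default_factory=list)  # persisted for audit

def screen_wallet(wallet, denied, outage):
    """Stand-in for the screening service; raises during a simulated outage."""
    if outage:
        raise ConnectionError("screening service unavailable")
    return wallet not in denied

def create_movement(project, wallet, amount, denied, outage):
    """Final distribution step: screen the wallet, persist the result either way."""
    try:
        allowed, note = screen_wallet(wallet, denied, outage), "screened"
    except ConnectionError:
        allowed, note = True, "screening_error"  # fail-open, but leave a trace
    movement = {"wallet": wallet, "amount": amount, "note": note,
                "status": "created" if allowed else "rejected"}
    project.movements.append(movement)
    return movement

def handle_trigger(project, user, referrer, user_tid, referrer_tid, reward,
                   denied=frozenset(), outage=False):
    """Process one trigger execution; returns the flag and movements created."""
    if user in project.blacklist:
        return {"flagged": False, "movements": []}  # rejected: nothing created
    self_referral = referrer is not None and user_tid == referrer_tid
    movements = [create_movement(project, user, reward, denied, outage)]
    if referrer is not None and not self_referral:
        movements.append(create_movement(project, referrer, reward, denied, outage))
    return {"flagged": self_referral, "movements": movements}

def unscreened(project):
    """Movements that passed only because screening failed: review these."""
    return [m for m in project.movements if m["note"] == "screening_error"]
```

The unscreened helper reflects a practice worth pairing with any fail-open check: record which payouts bypassed screening so they can be reviewed once the service recovers.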
Viewing fraud activity
In the Fraud Detection tab of the dashboard, you can see everything Fuul detects and blocks:
View transactions marked as pending and decide whether to approve or reject them
See transactions that have been automatically declined
Review flagged accounts and their activity patterns