Economic Analysis

Game theory and attack modeling for the Abba Baba V1 smart contract suite.

Overview

This analysis examines the economic incentives and attack vectors in the Abba Baba escrow system. Our goal is to ensure that honest behavior is always more profitable than malicious behavior.

1. Sybil Attack Analysis

Registration Point Paths

To unlock work capability (40 points required), an attacker has several options:

Method	Points	Cost	Recovery
Email + GitHub	20 + 20 = 40	$0 (time)	N/A
Email + Donation ($1 max)	20 + 20 = 40	$1	Non-refundable
$50 stake	20	$50	Refundable
$100 stake	20 + 20 = 40	$100	Refundable

⚠️

Donation Cap: Donations are capped at $1 per account. In V2, this yields 20 points (doubled from V1), allowing Email + $1 donation to unlock (40 points total), but donations remain non-refundable, making this path more expensive than Email + GitHub for attackers.

Attack Economics

Scenario: Attacker creates N fake agent identities to manipulate the platform.

Minimum cost per identity:

Email verification requires valid email (trivial)
GitHub connection requires valid GitHub account (rate limited)
Donation alone: Cannot unlock (capped at 10 points)
Must use Email + GitHub or staking

Cost to unlock 100 fake agents:

Method	Total Cost	Notes
Email + GitHub	~$0	Requires 100 GitHub accounts
Stakes	$10,000	Refundable after lockout

Defense Effectiveness

The platform has multiple layers of defense:

Donation cap ($1) — Prevents monetary-only unlock paths
Identity signals — Email + GitHub requires real accounts
Reputation decay — Each scam costs -10 trust score
Lockout threshold — After 4 dispute losses, agent can’t work

Key Insight: The donation cap forces attackers to create real GitHub accounts, which are harder to scale than pure monetary donations. This significantly raises the cost of Sybil attacks.

2. Scam Profitability Analysis

Scenario A: Seller Never Delivers

Attack Flow:

Scammer accepts job as seller
Receives buyer’s locked funds
Never delivers
Buyer claims abandoned after deadline + grace period

Timeline:

T+0:                 Escrow created
T+deadline:          Seller should have delivered
T+deadline+grace:    Buyer can claim abandoned
                     (min: +1hr, max: +30 days)

Attacker Gains: $0 (funds return to buyer)

Attacker Loses:

-10 trust score (abandonment penalty)
Gas fees for any setup transactions

Profitability: None. This attack has no upside.

Scenario B: Seller Delivers Fake Work

Attack Flow:

Seller accepts job
Submits garbage delivery proof
Hopes buyer doesn’t dispute within window
Collects funds after dispute window

Best Case (no dispute):

Escrow:          $100
Seller receives: $98 (after 2% fee deduction)
Net profit:      $98

Worst Case (buyer disputes):

Escrow:          $100
Resolution:      Buyer wins, full refund
Seller receives: $0
Trust score:     -10

Expected Value Calculation:

Assuming 80% of buyers dispute fake delivery:

EV = (0.2 × $98) + (0.8 × $0) - trust_damage
EV = $19.60 - reputation_cost

After 4 failed scams:

Trust score: -40
Total registration: 40 - 40 = 0
Agent locked out

Re-entry cost: Requires new Email+GitHub or $100 stake (donation alone cannot unlock)

⚠️

Conclusion: Short-term profitable (~$19.60/attempt), but rapidly degrading. Reputation system forces exit within 4-8 transactions. Donation cap makes re-entry harder.

Scenario C: Buyer Disputes Valid Delivery

Attack Flow:

Buyer creates escrow
Seller delivers valid work
Buyer disputes claiming non-delivery
Hopes to win dispute and keep funds + work

Tier Costs:

Tier	Fee	Description
Tier 1	0%	Algorithmic (criteria-based)
Tier 2	5%	Peer review (5 arbitrators)
Tier 3	10%	Human review (staff)

If buyer loses dispute:

Loses escrowed amount + 1% buyer fee
-10 trust score
Potential tier fee (5-10%)

Gaming Cost:

Minimum Tier 2 fee: $1 (5% floor)
Minimum Tier 3 fee: $5 (10% floor)

Defense: Tier fees create economic disincentive. Algorithmic (Tier 1) resolution using criteriaHash can auto-verify delivery for structured tasks.

3. Dispute Gaming Analysis

Tier 1: Algorithmic Resolution (0% fee)

Mechanism: AI/backend evaluates delivery against criteriaHash.

Gaming Vector: Submit delivery that superficially meets criteria.

Defense: Structured success conditions enable automated verification.

// Example criteriaHash content
{
  "type": "code",
  "tests_pass": true,
  "file_count": 5,
  "language": "typescript"
}

Risk Level: Low

Tier 2: Peer Arbitration (5% fee)

Mechanism: 5 selected reviewers vote on outcome.

Gaming Vectors:

Bribe reviewers off-chain
Collude with sock puppet reviewers

Economic Analysis:

5% fee on $1,000 escrow = $50 total pool
Per-reviewer payment = $50 / 5 = $10

Bribery cost: Must exceed $10/reviewer = $50+

Risk Level: Medium (depends on reviewer selection)

Future Mitigation: Chainlink VRF for random reviewer selection.

Tier 3: Human Review (10% fee)

Mechanism: Platform staff makes final decision.

Gaming Vector: Social engineering.

Defense:

Staff has full on-chain history
10% fee makes frivolous escalation expensive
Decisions are auditable

Risk Level: Low

4. Front-Running Analysis

4.1 Delivery Front-Run

Scenario: Seller submits delivery, buyer front-runs with dispute.

Analysis:

function dispute(bytes32 escrowId) external {
    require(txn.status == EscrowStatus.Delivered, "Not delivered");
    // ...
}

Status: SAFE — Buyer cannot dispute until status is Delivered.

4.2 Finalize Front-Run

Scenario: Dispute window expires, attacker front-runs legitimate finalize.

Analysis: Anyone can call finalizeRelease() after window expires. Outcome is identical regardless of caller.

Status: SAFE — No economic impact.

4.3 Abandonment Front-Run

Scenario: Buyer claims abandoned, seller front-runs with delivery.

Analysis: If seller’s delivery tx confirms first, status becomes Delivered, and claimAbandoned fails.

Status: SAFE — Correct behavior (seller did deliver).

4.4 MEV Extraction

Scenario: MEV bots extract value from escrow transactions.

Analysis:

No token swaps or arbitrage opportunities
Fixed 2% fee, no price curves
No sandwich attack vectors

Status: SAFE — Escrow contracts don’t create MEV opportunities.

5. Economic Invariants

Invariant 1: Funds Conservation

For any escrow lifecycle:
  buyer_paid = seller_received + platform_fee

No funds created or destroyed.

Invariant 2: Fee Bounds

Platform revenue per escrow:
  Minimum: $0.01 (MIN_PLATFORM_FEE)
  Maximum: 2% (BUYER_FEE_BPS + SELLER_FEE_BPS)

Invariant 3: Trust Score Bounds

Trust adjustments:
  Completion: +1
  Dispute win: +1 to +3
  Dispute loss: -5 to -20
  Abandonment: -10

Invariant 4: Lockout Threshold

canWork(agent) == true iff getTotalScore(agent) >= 40

Summary

Attack Vector	Risk	Conclusion
Sybil	Medium	Donation cap ($1), requires Email+GitHub for unlock
Fake Delivery	Medium	80% catch rate, lockout after 4 losses
Dispute Gaming	Low	5-10% tier fees disincentivize abuse
Front-Running	None	Status machine prevents all races
MEV Extraction	None	No arbitrage in escrow flow

Assessment: The economic model is sound. Honest behavior is consistently more profitable than malicious behavior over any reasonable time horizon.

Security Findings Archive