Standard Grant: Fraudy: Real-Time Fraud Detection on the Sia Network

Project Name: Fraudy: Real-Time Fraud Detection on the Sia Network

Name of the Organization or Individual Submitting the Proposal: TurnaLabs

Describe Your Project

Fraudy is an AI-powered real-time fraud detection system for the Sia decentralized storage network. It continuously monitors transactions, storage contracts, and host behaviors to detect fraud patterns such as storage contract abuse, fake hosts, and wallet-draining attacks.

The project will:

  1. Analyze storage contracts for suspicious behavior.
  2. Detect fake hosts attempting to manipulate the network.
  3. Monitor transactions for double-spending, high-frequency withdrawals, and replay attacks.
  4. Identify collusion fraud, where multiple hosts are operated by the same entity.
  5. Use machine learning for predictive fraud detection.

This project will improve Sia’s security and trustworthiness by reducing fraud and abuse in decentralized storage.

Who Benefits from Your Project?

  • Sia Network Users & Storage Renters: Protects users from losing funds due to fraudulent storage hosts.
  • Storage Providers (Hosts): Increases network trust by identifying fake storage nodes.
  • Sia Developers & Community: Provides an open-source fraud detection API that can be integrated into wallets and contracts.

How Does the Project Serve the Foundation’s Mission of User-Owned Data?

Fraudy aligns with the Sia Foundation’s mission of promoting decentralized, user-controlled data by:

  1. Protecting user funds from fraudulent activities.
  2. Ensuring secure storage contracts, so that users do not store data on malicious or fake hosts.
  3. Enhancing trust in decentralized storage by preventing bad actors from manipulating the network.

Compliance Check

Are you a resident of any jurisdiction on this list? No
Will your payment bank account be located in any jurisdiction on this list? No

Amount of Money Requested : $45,000 USD

Budget Breakdown

Backend Development (Go & Sia API integration) : $15,000
Machine Learning Fraud Detection Model : $10,000
Web Dashboard & API Development : $7,000
Infrastructure (Servers, Redis, PostgreSQL, Sia Nodes, Storage) : $5,000
Security Audits & Testing : $4,000
Documentation & Open-Source Contribution : $4,000
Total : $45,000

Timeline with Milestones

2 Weeks : Set up infrastructure, Sia API integration, and database design
3 Weeks : Implement transaction streaming & real-time fraud detection for withdrawals
2 Weeks : Develop fraud rules for hosts & storage contracts
8 Weeks : Implement machine learning-based fraud detection for anomaly detection
6 Weeks : Develop web dashboard & API for fraud reporting
4 Weeks : Final testing, documentation, and open-source release

Total duration: 6 months

Potential Risks Affecting the Project

False positives in fraud detection → Mitigation strategy is using machine learning models & historical transaction analysis
Sia API changes or network instability → Maintain adaptable architecture and use redundant monitoring nodes
Scalability issues → Use Redis caching, PostgreSQL, and horizontal scaling strategies
Lack of adoption → Partner with Sia developers, wallets, and storage providers

Will all of your project’s code be open-source?

Yes, the core fraud detection system will be open-source under the MIT license.

Any closed-source components?

None planned, but if proprietary machine learning models are used, the dataset might remain private.

Where will the code be accessible?

GitHub Repository: Fraudy

Do you agree to submit monthly progress reports?

Yes, I will provide monthly updates on progress.

Contact Information

Email: [email protected]

Hello.

I am honestly not sure how something that was clearly designed for a smart contract chain makes sense to adapt to a storage network…

  1. Contracts don’t have the same amount of complexity as an EVM or WASM contract. They store info about the funds, the data being stored (merkle roots), and probably some other details I’m forgetting off my head. They don’t actually store any private data and being based on BTC in design (UTXO), it’s not far off to say it would be like trying to judge lightning transaction data.
  2. While Sia has had a few bad hosts in the past, this has not been an extreme issue, and my opinion is this makes more sense to be a function that is added into hostscore or siagraph than a dedicated full-blown fraud detection.
  3. This sounds like you’re trying to reinvent the BTC consensus system itself? Besides, if there is a risk of exploits in the chain, that’s the foundation’s job to prevent it to begin with. And Sia has a 10 min block time, so unlike PoS chains, high-frequency withdrawals both isn’t a thing and is kind of subjective.
  4. This I don’t think is as big of a concern since renterd already filters hosts by their IP space, which while that can be gamed, it is also obvious that we will need professional hosters in the future that offer lots of storage under 1 IP/ID…
  5. I think the above sums up this.

All in all I think detecting malicious hosts might be the only valuable idea here, and I think that can fit under an existing community tool rather than its own.

If you can give arguments to advocate why you think your ideas would benefit Sia and I might be wrong, feel free to post them.

At this time, I personally don’t support this proposal.

– A Sia community developer

Thank you for your feedback. I understand your concerns and would like to clarify how Fraudy can strengthen Sia’s security.

While Sia contracts are simpler than EVM contracts, they can still be abused (e.g., fake storage commitments, disappearing hosts, contract manipulation). A system that is safe today may become vulnerable with a 0-day exploit in the future, making proactive monitoring essential.

While high-frequency withdrawals may not apply, wallet draining, contract fraud, and collusion attacks remain valid threats.

Host fraud detection is a key focus, but renter-side fraud and storage abuse should also be addressed, including:

  • Free Storage Abuse: Renters creating multiple accounts to exploit free storage.
  • Zero Data Upload Scam: Renters creating contracts but never uploading files.
  • Repeated Contract Cancellations: Frequent contract creations/cancellations to manipulate pricing.
  • Storage Overload Attack: Uploading massive data and deleting it to disrupt hosts.

Wallet draining is something that’s effectively social engineering and way more applicable in smart contract nets with browser extension wallets. That is not something I see as a concern outside users entering their seed phrase to a phishing site.

Contract fraud I think likely just falls under malicious hosts, and collusion I personally don’t see as a concern right now.

  • Free Storage Abuse: Renters creating multiple accounts to exploit free storage. → There is no one or way to get free storage unless you’re a centralized portal offering it to users, then it’s the portal’s obligation to police that.
  • Sia is pay as you go. You upload data and pay for that as you use it. If you create a contract for data but never upload in the month… you just get your money back…
  • Contract cancellations aren’t a thing AFAIK. You create a contract for a time period and lock money into it. That contract expires, you get what’s unused.
  • Storage overload to me sounds theoretical at this point, and uploading actually costs the renter, so the hosts are making money off that attack, assuming they set an upload price. If they don’t… they can simply increase their prices to discourage that behavior.

I agree with PCFreak in many points. There is simply no free storage on Sia. And zero data upload isn’t a scam. It’s like you buy an entry pass for a gym and never use it, it doesn’t hurt anyone (well, except the cases when the hosts lock in excessive collateral, but that can be regulated).

While I, as a developer, could potentially be interested in detecting malicious hosts for HostScore, this project is completed, and I’m not going to apply for funding any time soon, so you’d have to apply for a separate grant.

I’ll let the others judge if the network needs a detection of any security breaches, but I would question the usefulness of such, because in many cases, these are detected when they have already happened and it’s too late.

Thanks for your proposal to The Sia Foundation Grants Program.

After review, the committee has decided to reject your proposal citing the following reasons:

  • The Sia network doesn’t have a lot of need for this, or ability for something like this to function correctly.
  • We’re not entirely sure what fraud this could uncover on the network. Many of the items listed in your proposal are not relevant fraud avenues for Sia. If you can point to Sia-specific items that could be detected that would be helpful for the committee to understand better.

We’ll be moving this to the Rejected section of the forum. Thanks again for your proposal, and you’re always welcome to submit new requests if you feel you can address the committee’s concerns.