If you reward people for talking to each other, somebody will write a script that pretends to talk to itself. This is a law of internet incentives that goes back to the SETI@home days, and we treat it as one of the load-bearing assumptions of the entire mining design. This post is about the reputation graph that keeps Sudo's pair-to-earn mining honest, what signals it uses, what we deliberately chose not to use, and why the design is not "pour a model on it" but a layered set of cheap on-device checks plus an expensive cross-wallet reputation graph.
Mining is the part of Sudo most exposed to economic adversaries, and it is the part we have spent the most time hardening. We want it to keep working a year from now, ten years from now, and a hundred wallets-per-hour from now.
The economics of farming Sudo
A farmer is anyone trying to extract mining rewards through inauthentic conversation — bots talking to bots, ten wallets of one person talking among themselves, a script in Eastern Europe simulating activity, take your pick. The threat is rational. SUDO trades on real DEXs, mining rewards are real tokens, and you can run quite a lot of automated infrastructure for the price of a single bag of mined SUDO.
There are two natural ways to discourage farming. The first is to make the rewards small enough that the labour-hour math doesn't work. We rejected this approach because it also makes the rewards too small for honest users to care. The second is to make rewards conditional on signals that are easy for humans and hard for scripts. This is the reputation graph.
What we explicitly do not trust
The temptation when designing an anti-sybil system is to lean on signals that look strong but turn out to be either trivially fakeable or invasive enough that they collide with the privacy promise.
We do not trust message length. Long messages are easy for a script to generate. Short messages are easy too. Length is uncorrelated with authenticity.
We do not trust message timing alone. Bots can sleep. Humans can react instantly. A naive "natural typing rhythm" classifier is a six-month head start for the next generation of bots that read the classifier's source code on GitHub.
We do not trust phone-number verification, KYC, biometrics or device fingerprints. Those are Web2 anti-sybil tools that depend on infrastructure Sudo refuses to operate. A Web3 messenger that needed your phone number would be a contradiction in terms.
We do not trust message content as a primary signal. Content moderation is hard, controversial and culturally bounded; using it as the basis for who earns crypto is a bad idea on several axes. Content might inform low-confidence flags but it does not drive the mining decision.
What we do trust is the structure of the conversation graph itself, which is much harder to fake than any local signal.
The reputation graph
Every Sudo wallet is a node. Every conversation between two wallets — long-running, two-way, with replies and reactions and shared context — is a weighted edge. The weights factor in conversational depth (how many messages, over how many days), reciprocity (does each side reply to the other), branching (does the conversation pull in third parties), and contextual variety (do you talk about more than one thing).
Reward weight on a given conversation is computed against the structure of the graph around it. A conversation between two wallets that have no other neighbours, no history, no overlapping communities and matching account ages is statistically suspicious. A conversation between two wallets each with hundreds of distinct neighbours, multi-month history and dense overlap with other neighbourhoods is statistically credible. The reward function rewards the second pattern and shrinks the first.
Crucially, the graph is computed in privacy-preserving form. Edges are stored on each participant's device with a homomorphic commitment that allows the relay to verify global properties (e.g. "this wallet's neighbour count is at least 10") without seeing the neighbour list itself. The mining contract reads aggregate proofs, not raw social data.
Catching a ring in real time
A farmer ring usually has a tell. Ten wallets controlled by one person talking among themselves form a tight clique with exactly the wrong shape: every node has a high edge weight to nine others and zero weight to anyone outside the clique.
The graph notices. As soon as a wallet's neighbourhood density crosses a threshold while its inter-neighbourhood diversity stays near zero, the wallet enters a "verification" state. Mining payouts pause for the wallet, the wallet's recent edges are downweighted, and a small zero-knowledge proof challenge is issued: prove that one of your conversation partners is a wallet with an independently established history, without revealing which one.
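The density-versus-diversity check described above, as an added example that is not Sudo's own code. The two thresholds, the exact formulas for density and diversity, the wallet names and the plaintext graph (the post's design works over committed, on-device edges) are all assumptions made for illustration.

```python
from itertools import combinations

DENSITY_THRESHOLD = 0.8  # assumed value; the post does not publish its thresholds
DIVERSITY_FLOOR = 0.1    # assumed value for "near zero"

def build_graph(edges):
    """Undirected weighted graph as {wallet: {neighbour: weight}}."""
    g = {}
    for a, b, w in edges:
        g.setdefault(a, {})[b] = w
        g.setdefault(b, {})[a] = w
    return g

def neighbourhood_density(g, node):
    """Fraction of the node's neighbour pairs that also talk to each other."""
    pairs = list(combinations(g[node], 2))
    if not pairs:
        return 0.0
    return sum(1 for a, b in pairs if b in g[a]) / len(pairs)

def diversity(g, node):
    """Share of the neighbours' edge weight that leaves the node's own circle."""
    circle = set(g[node]) | {node}
    inside = outside = 0.0
    for n in g[node]:
        for m, w in g[n].items():
            if m in circle:
                inside += w
            else:
                outside += w
    total = inside + outside
    return outside / total if total else 0.0

def wallets_to_verify(g):
    """Wallets whose circle is dense and closed: candidates for the verification state."""
    return sorted(n for n in g
                  if neighbourhood_density(g, n) >= DENSITY_THRESHOLD
                  and diversity(g, n) <= DIVERSITY_FLOOR)

# Constructed sample: a ten-wallet ring, plus a newcomer whose only contacts are
# a tight friend group (b, c, d) that also talks to outsiders.
RING = [f"r{i}" for i in range(10)]
SAMPLE_EDGES = [(a, b, 5.0) for a, b in combinations(RING, 2)]
SAMPLE_EDGES += [(a, b, 5.0) for a, b in combinations(["newcomer", "b", "c", "d"], 2)]
SAMPLE_EDGES += [(f, f"{f}_ext{i}", 3.0) for f in "bcd" for i in range(3)]

if __name__ == "__main__":
    graph = build_graph(SAMPLE_EDGES)
    print(wallets_to_verify(graph))
    print(neighbourhood_density(graph, "newcomer"), diversity(graph, "newcomer"))
```

The newcomer has the same density as a ring member, but its neighbours' outside conversations keep it out of the verification state, which is why density alone is not used as the trigger.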
If the wallet can produce the proof, it returns to good standing and the back-paid mining rewards release. If it cannot, the wallet's cluster is quietly slashed. Slashing here means: future mining rewards from edges in that cluster are reduced for a probationary epoch, the wallet does not lose any pre-existing balance, and the slashing is not visible to other wallets — we do not want to publish a list of accused farmers.
The verification challenge is the part that took the longest to design well. Asking a wallet "prove you talk to humans" is a hard cryptographic prompt. The construction we landed on uses a Merkle proof over the wallet's neighbour set against an aggregated attestation of conversational diversity, with a one-shot revealed witness so the relay learns one bit of information ("this wallet has at least one credible neighbour outside its clique") and nothing more.
What we miss, on purpose
Reputation graphs are statistical, not perfect. We miss things; we accept that we miss things; we tune the false-positive rate well below the false-negative rate because punishing honest users is much worse than under-rewarding farmers.
The classes of attacks we deliberately under-punish include short-burst farming (a single ring that runs for a few days, extracts a small amount and goes dormant before the graph notices); friend-of-friend farming (where a sophisticated farmer puts their farm wallets in genuine communities to get diversity for free); and contractual farming (where one human pays many other humans to chat with them at scale, which is not really sybil but is still inauthentic).
We have not solved any of those yet. The roadmap below describes the work in progress.
What's on the roadmap
Three improvements to the reputation graph are in flight.
First, time-decayed edge weights with longer half-lives. The current implementation uses a thirty-day half-life on conversation edges, which means a ring can extract value before being noticed. We are extending the integration window to ninety days for the verification challenge — a ring that wants to look "credible" must sustain that fiction for a quarter, which is much harder than for a month.
Second, cross-room interference detection. A farmer that participates in real communities to build credibility is harder to spot, but their behaviour inside those communities tends to be measurably shallower than that of authentic members. We are adding per-room engagement quality features to the graph in a way that does not require reading message content.
Third, verifiable proof of personhood as an opt-in soft signal. If you have an attested proof of personhood (Sismo, Worldcoin, EAS), you can present it to the mining contract for a higher reward weight. Personhood is not required to mine — that would violate the no-KYC promise — but it is a way for users who already have such a credential to get cleaner rewards.
Why we publish this
A common objection to writing about anti-fraud systems is that the writeup teaches the adversary how to evade them. We disagree. The reputation graph is structural, not heuristic — there is no single classifier rule a farmer can read and avoid. Publishing the design strengthens the social contract: honest users understand why they are sometimes asked to verify, security researchers can audit the math, and the next generation of farmers learns that the system is not a black box vulnerable to a trick.
Mining is the part of Sudo that pays you to talk to people you already wanted to talk to. The reputation graph is what keeps it that way.