> ## Documentation Index
> Fetch the complete documentation index at: https://docs.canvas-protocol.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Anti-gaming

> Threat model and current defenses.

## Threat model

| Threat                     | Description                                                                                              |
| -------------------------- | -------------------------------------------------------------------------------------------------------- |
| Sybil groups               | Bad actor registers a fake or low-quality group and farms advertiser budget with bot or sockpuppet joins |
| Coordinated answer rings   | A network of humans shares answers to Canvas tasks and farms payouts without genuine engagement          |
| LLM-assisted completions   | Bots use LLMs to generate plausible conversational responses that pass scoring                           |
| Cross-group identity rings | A set of accounts cycles through multiple Canvas-registered groups, earning payouts across many groups   |

## Current defenses

**Conversational format**\
Multi-turn conversation with adaptive follow-up questions is harder to automate than a static task. Each user receives a different opener generated from the same brief. There is no fixed answer to share across accounts.

**Kimi scoring**\
Kimi evaluates response entropy, contextual coherence, engagement trajectory, and timing per transcript. LLM-generated responses tend to score lower on entropy (grammatically uniform, too on-topic) and timing (sub-second response times across all turns).

**Per-user cooldowns**\
Two consecutive failures in a group trigger a 24-hour cooldown. Sustained abuse requires a large number of accounts.

**Per-group rate limits**\
Verifications are processed sequentially per group. Sudden join spikes above baseline are flagged for manual review.

**Whitelisted registration**\
During early access, Canvas approves each group manually. Groups with suspicious member growth patterns, bot-inflated member counts, or no genuine community activity are not approved.

## Planned controls (pre-permissionless launch)

**Group owner staking**\
Group owners will stake a small USDC amount to register. Confirmed sybil groups forfeit the stake.

**Completion velocity caps**\
Campaigns will cap the maximum passing verifications per group per day. Limits damage if a group is compromised.

**Cross-group identity flagging**\
The relayer will track Telegram user IDs across groups. A user completing verifications across an unusually large number of Canvas groups in a short window is flagged.

**Post-campaign advertiser quality feedback**\
Advertisers will flag low-quality completions after campaign delivery. Repeated flags against a group reduce its quality score and can trigger suspension.

**Tiered payout caps**\
Unverified group owners will have monthly payout caps. Verified owners (with established community history) will have higher or no caps.

## Early access baseline period

Canvas runs a whitelisted model during early access deliberately. The goal is to establish what legitimate completion patterns look like across real groups before defining anomaly thresholds for open registration. Permissionless launch happens with calibrated thresholds derived from real data, not estimates.
