The Implications of Crypto Rewards on RubyGems.org - RubyGems Blog

Submitted by Style Pass on 2024-04-17 17:30:06

Recently, at RubyGems.org, we’ve encountered an unusual surge of empty packages, triggering an investigation by our team. This influx of pointless gems, referencing one of the reasonably popular packages, hinted at an attempt to manipulate the tea.xyz protocol. As with any potentially risky incident, we delved deeper into the motives and mechanics behind these submissions. This short article contains our investigation, the conclusions we’ve reached, and how, theoretically, individuals looking to abuse the system can distort the idea of rewarding OSS contributions.

The tea.xyz cryptocurrency creators claim that it came to life to enhance the sustainability of open-source software by rewarding projects based on their influence in the software ecosystem. It claims to utilize a ‘Proof of Contribution’ system, inspired by Google’s PageRank, to measure the impact of various OSS packages.

However, good intentions often come with challenges. At RubyGems.org, we began noticing a strange trend: the proliferation of empty gems. These gems weren’t harmful per se but were peculiar in their consistent reference to a mildly popular OSS package.
