[Forensics] KAG flow-graph

ZürichGnome · Mar 18, 2023

ZürichGnome said:
Records of type 1
These can be represented as flows on the arcs of a digaph

Code:

1 payment 3421

I'll fill in the details in the replies.
View attachment 2491

I have no idea what the GAPS account is (it's its name).
I stumbled on it while bumbling around smelling the roses. The Cold Wallet perhaps?

Work-flow
Alphabetic order:
E H I R
I slipped in the GAPS account fellow at the end of the list when i discovered its existence.
So not perfectly alphabetic.
Set bash variables:

Code:

linux> KAG_extract=../Blockchain-Exploration/KAG/stellar-export-20230223-1606.csv
linux> . ./KAG-set-main-account-symbols.sh 
linux> cat KAG-set-main-account-symbols.sh 
KAG_EmissionAccount=GCGTMT2X6NUV6ABEOAOSDI2YQ7FXQOQYKYA7KVZQ5ID67GQU3C6AIUGU
KAG_HotWalletAccount=GBTYCT2VVWURNU23ZSR3IPSXU6BRWT3ELIOQJAJOKGIHCLLE6YDX4A7E
KAG_InflationAccount=GBBVUAMR3CYNQKMNHVWCMUQVE3XQIL3WM5GSP5D6SCECKIZNNBT6FT7I
KAG_RootAccount=GAUCIFE37F4KQ5F6QPNSZ75QKRQTNRCF32FZNUXMCXUFSKRMWGF76LTI
KAG_GAPSAccount=GAPS3KZ4YVEL4UYFAGTE6L6H6GRZ3KYBWGY2UTGTAJBXGUJLBCYQIXXA

Check:

Code:

linux> set -o posix ; set | grep "KA[G]" | sort
KAG_EmissionAccount=GCGTMT2X6NUV6ABEOAOSDI2YQ7FXQOQYKYA7KVZQ5ID67GQU3C6AIUGU
KAG_extract=../Blockchain-Exploration/KAG/stellar-export-20230223-1606.csv
KAG_GAPSAccount=GAPS3KZ4YVEL4UYFAGTE6L6H6GRZ3KYBWGY2UTGTAJBXGUJLBCYQIXXA
KAG_HotWalletAccount=GBTYCT2VVWURNU23ZSR3IPSXU6BRWT3ELIOQJAJOKGIHCLLE6YDX4A7E
KAG_InflationAccount=GBBVUAMR3CYNQKMNHVWCMUQVE3XQIL3WM5GSP5D6SCECKIZNNBT6FT7I
KAG_RootAccount=GAUCIFE37F4KQ5F6QPNSZ75QKRQTNRCF32FZNUXMCXUFSKRMWGF76LTI

All good

Code:

cut -d= -f2 KAG-set-main-account-symbols.sh > Vertices
linux> cat Vertices 
GCGTMT2X6NUV6ABEOAOSDI2YQ7FXQOQYKYA7KVZQ5ID67GQU3C6AIUGU
GBTYCT2VVWURNU23ZSR3IPSXU6BRWT3ELIOQJAJOKGIHCLLE6YDX4A7E
GBBVUAMR3CYNQKMNHVWCMUQVE3XQIL3WM5GSP5D6SCECKIZNNBT6FT7I
GAUCIFE37F4KQ5F6QPNSZ75QKRQTNRCF32FZNUXMCXUFSKRMWGF76LTI
GAPS3KZ4YVEL4UYFAGTE6L6H6GRZ3KYBWGY2UTGTAJBXGUJLBCYQIXXA

For readability in the nested for loops that follow...

Code:

cut -d= -f2 KAG-set-main-account-symbols.sh > Vertices

Look at the system as a complete graph (includes self-loops)

Code:

for i in `cat Vertices`
do
  for j in `cat Vertices`
  do
    grep $i KAG-set-main-account-symbols.sh | cut -d= -f1
    grep $j KAG-set-main-account-symbols.sh | cut -d= -f1
#    printf "%s\t%s\n" $i $j
    sed '1d' $KAG_extract | sed 's/"//g' | awk -F, -v x="$i" -v y="$j" '(($5 == 1) && ($9==x) && ($10==y)) {sum_11 += $11} END {printf "%-10.2f\n", sum_11 }'
    sleep 5
  done
done

sed 1d instead of awk NR>1. Skips the header line.
sleep 5 to go easy on the external hard-drive. The OS may load it straight to RAM memory anyway.
The file is relatively small.
All these take next to no time on my home computer (1-2 seconds elapsed?)
Treating the system accounts as vertices on a digraph, sum all flows going in and out of each vertex.
Ignore user accounts for now.
The flows on the arcs are (5*5 flows on the complete directed graph of 5 vertices):

Code:

KAG_EmissionAccount
KAG_EmissionAccount
0.00      
KAG_EmissionAccount
KAG_HotWalletAccount
0.00      
KAG_EmissionAccount
KAG_InflationAccount
0.00      
KAG_EmissionAccount
KAG_RootAccount
0.00      
KAG_EmissionAccount
KAG_GAPSAccount
0.00      
KAG_HotWalletAccount
KAG_EmissionAccount
4729598.59
KAG_HotWalletAccount
KAG_HotWalletAccount
0.00      
KAG_HotWalletAccount
KAG_InflationAccount
0.00      
KAG_HotWalletAccount
KAG_RootAccount
0.00      
KAG_HotWalletAccount
KAG_GAPSAccount
2316416.15
KAG_InflationAccount
KAG_EmissionAccount
18477.12  
KAG_InflationAccount
KAG_HotWalletAccount
32563.77  
KAG_InflationAccount
KAG_InflationAccount
0.00      
KAG_InflationAccount
KAG_RootAccount
0.00      
KAG_InflationAccount
KAG_GAPSAccount
900.00    
KAG_RootAccount
KAG_EmissionAccount
3076312.15
KAG_RootAccount
KAG_HotWalletAccount
0.00      
KAG_RootAccount
KAG_InflationAccount
0.00      
KAG_RootAccount
KAG_RootAccount
0.00      
KAG_RootAccount
KAG_GAPSAccount
0.00      
KAG_GAPSAccount
KAG_EmissionAccount
0.00      
KAG_GAPSAccount
KAG_HotWalletAccount
400000.10 
KAG_GAPSAccount
KAG_InflationAccount
0.00      
KAG_GAPSAccount
KAG_RootAccount
0.00      
KAG_GAPSAccount
KAG_GAPSAccount
0.00

ZürichGnome · Mar 18, 2023

How to explore flows on one given arc.
Just illustrating technique (different tools).
Every time, I pass down into awk every possible bash shell variable known to man.
To save thinking too hard about mechanics.

Code:

linux> sed '1d' $KAG_extract | sed 's/"//g' | awk -F, -v e=$KAG_EmissionAccount -v h=$KAG_HotWalletAccount -v i=$KAG_InflationAccount -v r=$KAG_RootAccount -v u=$KAG_user '($9 == r) && ($10==e) { printf "%-10.2f%20s\n", $11, $6}' | sort -k2

Code:

10.00     2019-03-19T07:15:19Z
150000.00 2019-03-21T03:23:34Z
32.15     2019-04-01T12:42:17Z
97270.00  2019-05-14T05:35:48Z
200000.00 2019-09-03T07:46:15Z
200000.00 2020-06-15T02:00:39Z
60000.00  2021-02-16T10:47:41Z
70000.00  2021-02-19T06:56:57Z
167000.00 2021-02-22T06:00:56Z
332000.00 2021-02-22T07:28:11Z
200000.00 2021-02-24T22:46:10Z
500000.00 2021-03-02T06:42:01Z
200000.00 2021-05-17T06:33:22Z
400000.00 2021-05-19T07:09:09Z
200000.00 2022-01-11T05:54:00Z
300000.00 2022-01-21T01:33:48Z

Count how many flows:

Code:

linux> sed '1d' $KAG_extract | sed 's/"//g' | awk -F, -v e=$KAG_EmissionAccount -v h=$KAG_HotWalletAccount -v i=$KAG_InflationAccount -v r=$KAG_RootAccount -v u=$KAG_user '($9 == r) && ($10==e) { printf "%-10.2f%20s\n", $11, $6}' | sort -k2 | wc -l
16

Sum the flows:

using linux tool bc as calculator

Code:

linux> sed '1d' $KAG_extract | sed 's/"//g' | awk -F, -v e=$KAG_EmissionAccount -v h=$KAG_HotWalletAccount -v i=$KAG_InflationAccount -v r=$KAG_RootAccount -v u=$KAG_user '($9 == r) && ($10==e) { printf "%-10.2f%20s\n", $11, $6}' | sort -k2 | cut -c1-10 | paste -sd+ | bc -l
3076312.15

using awk as calculator

Code:

sed '1d' $KAG_extract | sed 's/"//g' | awk -F, -v e=$KAG_EmissionAccount -v h=$KAG_HotWalletAccount -v i=$KAG_InflationAccount -v r=$KAG_RootAccount -v u=$KAG_user '($9 == r) && ($10==e) {sum_11 += $11} END {printf "%-10.2f\n", sum_11}'
3076312.15

corresponds to the flow on the pic in OP
or here (also in post higher up from the nested for loops):

Code:

KAG_RootAccount
KAG_EmissionAccount
3076312.15

ZürichGnome · Apr 7, 2023

I may have made at least 2 mistakes so far in the work I did above 3 weeks ago:

- I looked at only 1 record type
- I overlooked that units can be parked (not on the move, not in flow)

After rework (details shown lower down and in the amended digraph included), I now hypothesize:

On Explorer main page at the top,

Instead of

Minting (The sum of all transfer amounts from Emission to non-Root accounts)
minus Redemption (The sum of all transfer amounts from Hot wallet to Emission or Root account)

I suggest:

Minting (The sum of all transfer amounts from Emission to user accounts)
minus Redemption (The sum of all transfer amounts from Hot wallet to Emission account)

or even simpler:

Minting = Outbound (E)
Redemptions = Flow (H, E)

Using CI's CSV extract flat file from DEC-2022 for no other reason than that's what I used for my KAG EPD forensic analysis a few days ago:

Minting
outbound (E) =
7431860.37
from result file in ZIP OUTBOUND-CI-sums-both-record-types
KAG_EmissionAccount
7431860.37

Redemptions
flow (H, E) =
4462596.98
from result file in ZIP K5-CI-all-flows-type-payment
KAG_HotWalletAccount
KAG_EmissionAccount
4462596.98

bc <<< "7431860.37 - 4462596.98"
2969263.39

That might correspond to

Total Coin in Circulation (Minting minus Redemption)

Previously I was focussed on

1) records of Type 1 ("payment") not Type 0 ("create_account")
2) flows along the arcs aka
transfers
Not on stocks

I included my updated KAG digraph.
K5?
=
complete graph on 5 vertices
(in practice, that means no user accounts aka no user vertices)
I deduce the traffic to and from user accounts by subtracting out the flows measured on the K5 from the INBOUND and OUTBOUND totals to each system account (vertex). Where relevant.

My Epson printer/ scanner writes to a PDF:

Code:

pdftoppm 'Scanned Document.pdf' KAG-digraph-Version-2
convert -resize 50% KAG-digraph-Version-2-1.ppm KAG-digraph-Version-2.png
eog KAG-digraph-Version-2.png

My code for this batch of forensics:
Set up environment:
(nothing new)

Code:

linux> echo $KAG_CI_extract 
../CI-dat/kag-raw.csv

linux> cat KAG-set-main-account-symbols.sh 
KAG_EmissionAccount=GCGTMT2X6NUV6ABEOAOSDI2YQ7FXQOQYKYA7KVZQ5ID67GQU3C6AIUGU
KAG_HotWalletAccount=GBTYCT2VVWURNU23ZSR3IPSXU6BRWT3ELIOQJAJOKGIHCLLE6YDX4A7E
KAG_InflationAccount=GBBVUAMR3CYNQKMNHVWCMUQVE3XQIL3WM5GSP5D6SCECKIZNNBT6FT7I
KAG_RootAccount=GAUCIFE37F4KQ5F6QPNSZ75QKRQTNRCF32FZNUXMCXUFSKRMWGF76LTI
KAG_GAPSAccount=GAPS3KZ4YVEL4UYFAGTE6L6H6GRZ3KYBWGY2UTGTAJBXGUJLBCYQIXXA

. ./KAG-set-main-account-symbols.sh

set | grep KAG | sort -t= -k2 | cut -d= -f2 > Vertices

linux> cat Vertices 
GCGTMT2X6NUV6ABEOAOSDI2YQ7FXQOQYKYA7KVZQ5ID67GQU3C6AIUGU
GAPS3KZ4YVEL4UYFAGTE6L6H6GRZ3KYBWGY2UTGTAJBXGUJLBCYQIXXA
GBTYCT2VVWURNU23ZSR3IPSXU6BRWT3ELIOQJAJOKGIHCLLE6YDX4A7E
GBBVUAMR3CYNQKMNHVWCMUQVE3XQIL3WM5GSP5D6SCECKIZNNBT6FT7I
GAUCIFE37F4KQ5F6QPNSZ75QKRQTNRCF32FZNUXMCXUFSKRMWGF76LTI

Work:
($3=="payment")

Code:

for i in `cat Vertices`
do
  for j in `cat Vertices`
  do
    grep $i KAG-set-main-account-symbols.sh | cut -d= -f1
    grep $j KAG-set-main-account-symbols.sh | cut -d= -f1
    sed '1d' $KAG_CI_extract | sed 's/"//g' | awk -F, -v x="$i" -v y="$j" '( ($3=="payment") && (($5==x) && ($6==y)) ) {sum_7 += $7} END {printf "%-10.2f\n", sum_7 }'
    sleep 5
  done
done > K5-CI-all-flows-type-payment

($3=="create_account")

Code:

for i in `cat Vertices`
do
  for j in `cat Vertices`
  do
    grep $i KAG-set-main-account-symbols.sh | cut -d= -f1
    grep $j KAG-set-main-account-symbols.sh | cut -d= -f1
    sed '1d' $KAG_CI_extract | sed 's/"//g' | awk -F, -v x="$i" -v y="$j" '( ($3=="create_account") && (($5==x) && ($6==y)) ) {sum_7 += $7} END {printf "%-10.2f\n", sum_7 }'
    sleep 5
  done
done > K5-CI-all-flows-type-create_account

All traffic (flows). Not only system accounts. Totals.
($3 == "create_account") || ($3 == "payment")

Code:

echo "INBOUND"
for j in `cat Vertices`
do
  grep $j KAG-set-main-account-symbols.sh | cut -d= -f1
  sed '1d' $KAG_CI_extract | sed 's/"//g' | awk -F, -v y="$j" '( ($3 == "create_account") || ($3 == "payment") ) && ($6==y) {sum_7 += $7} END {printf "%-10.2f\n", sum_7 }' 
  sleep 5
done > INBOUND-CI-sums-both-record-types

All traffic (flows). Not only system accounts
($3 == "create_account") || ($3 == "payment")

Code:

echo "OUTBOUND"
for i in `cat Vertices`
do
  grep $i KAG-set-main-account-symbols.sh | cut -d= -f1
  sed '1d' $KAG_CI_extract | sed 's/"//g' | awk -F, -v x="$i" '( ($3 == "create_account") || ($3 == "payment") ) && ($5==x) {sum_7 += $7} END {printf "%-10.2f\n", sum_7 }'
  sleep 5
done > OUTBOUND-CI-sums-both-record-types

Create the ZIP (attached)

Code:

zip -j KAG-digraph-Version-2-with-results.zip \
K5-CI-all-flows-type-payment \
K5-CI-all-flows-type-create_account \
INBOUND-CI-sums \
OUTBOUND-CI-sums \
pix/KAG-digraph-Version-2.png

Check ZIP:

Code:

linux> zip -sf KAG-digraph-Version-2-with-results.zip 
Archive contains:
  K5-CI-all-flows-type-payment
  K5-CI-all-flows-type-create_account
  INBOUND-CI-sums
  OUTBOUND-CI-sums
  KAG-digraph-Version-2.png
Total 5 entries (617836 bytes)

My ultimate goal:

- to understand how this animal works
- to provide simple linux tools available to everybody to hit a flat-file extract of the blockchain in an automated manner from the command line
- to create our own digital audits

[Forensics] KAG flow-graph

ZürichGnome

Active member

ZürichGnome

Active member

ZürichGnome

Active member

Attachments

Translate