$SIREN and $LIGHT are making the sky green, and here is something i learned about Sign( @SignOfficial ).
You assume revocation fixes errors. Bad credential? Revoke it in Sign( @SignOfficial ), mark it invalid in the registry, protocol updates immediately. Clean rollback.
I was checking the Q2 airdrop reconciliation when I found the sybil. Six wallets, all KYC-attested in March, all received allocations in April through TokenTable. Valid signatures, valid schemas, all on-chain. Except the provider revoked the original KYC attestations last week, found synthetic IDs.
Sign's revocation registry updated within minutes. Attestations show "revoked." The protocol layer is consistent.
But the distribution layer already committed. Tokens went out in April based on valid status. Contracts executed. The treasury has no clawback, I checked. The revocation proved the credential was bad, but didn't reverse the eligibility decision that already consumed it.
Now I'm staring at six addresses that shouldn't have received funds, with on-chain proof they shouldn't have qualified, and no way to recover the assets. Sign Protocol did what it promised. TokenTable did what it was told. But "reusable verification" meant the credential was consumed and relied upon, while revocation happened later.
Compliance wants to know if we can flag this as a control failure. Can't say it's a protocol bug, Sign worked perfectly. Can't call it a distribution bug, TokenTable followed status at execution.
The revocation created a ghost. A record that says "this was invalid" sitting next to a transaction that says "this was valid then." And my quarterly report has to explain why we paid sybils without having a category for "correctly processed invalid credentials."