How does signature-based drop prevent MEV stealing?

[robertu7]

Signature-based drop

Each entry of the drop contains private key which is used to sign the address of the receiver. This is done to safely distribute the drop and prevent MEV stealing.

In my understanding, though claim of CumulativeMerkleDrop is an external function that anyone can call, its receiver can receive drop tokens without any harm?

Could you explain more about how signature-based drop prevents MEV stealing? Thanks!

[k06a]

@robertu7 QR code contains Private Key, this PK is used to create signature which is argument of the method.

[k06a]

To steal this drop you have to know this Private Key. You can’t fake it’s signature.

[robertu7]

But it's not related to MEV right? This method can protect anyone who doesn't know the private key.

QR code contains Private Key, this PK is used to create signature which is argument of the method.

I am really curious how QR code works, is the private key append as a query string to a claiming website URL, so we can do the rest on client-side? Any demo we can try?