Skip to main content
Sign in
Pickle Finance1 decision on this page

Audit log

Every state-changing event for Pickle Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-30 19:10:28Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 423,217,213
    sig
    2DUfBk3JsoPf…KCMdTC58explorer ↗
    hash
    E2gMtFxHPMzS…ruLEq1wrsha256 → base58
    verifying row…full verify ↗
    canonical bytes (6098 B) ▸
    {"actor":"system:backfill","investigation_id":"38e6185e-4f23-4b8e-bba3-079c35de72e6","kind":"publish","page_slug":"pickle-finance","published_at":"2026-05-30T19:10:28.687Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Pickle Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/kind-of-a-big-dill-picklefinance-tvl-exceed-347m-in-4-days","type":"other","url":""},{"credibility":3,"name":"https://picklefinance.medium.com/pickle-finance-launch-beea2eb8eacb","type":"other","url":""},{"credibility":3,"name":"https://docs.pickle.finance","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptotesters.com/review/what-is-pickle-finance","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/defi/pickle-finance-sounds-like-a-joke-but-it-wants-to-bring-stability-to-defi","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-defi-protocol-pickle-finance-hack-nov-2020","type":"other","url":""},{"credibility":3,"name":"https://github.com/banteg/evil-jar/blob/master/readme.md","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/pickle-finance-rekt","type":"other","url":""},{"credibility":3,"name":"https://picklefinance.medium.com/pickle-was-hacked-and-there-has-been-a-loss-of-funds-414b99969c29","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/pickle-finance-rekt","type":"other","url":""},{"credibility":3,"name":"https://docs.pickle.finance/security/audits-and-timelock/smart-contract-audits","type":"other","url":""},{"credibility":3,"name":"https://immunebytes.com/blog/pickle-finance-exploit-nov-21-2020-detailed-analysis/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://picklefinance.medium.com/pickle-was-hacked-and-there-has-been-a-loss-of-funds-414b99969c29","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/pickle-finance-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-defi-protocol-pickle-finance-hack-nov-2020","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.theblock.co/post/85585/defi-merger-yearn-pickle-finance","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/yearn-finance-absorbs-pickle-to-boost-defi-rewards","type":"other","url":""},{"credibility":3,"name":"https://x.com/picklefinance/status/1331287296637693954","type":"other","url":""},{"credibility":3,"name":"https://www.nasdaq.com/articles/defi-protocol-pickle-finance-token-loses-almost-half-its-value-after-$19.7m-hack-2020-11","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://picklefinance.medium.com/pickle-finance-closing-the-jar-7996fe4ecd94","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-defi-protocol-pickle-finance-hack-nov-2020","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/pickle-finance-rekt","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/49149/pickle-finance-hack","type":"other","url":""}]}],"sources_used":[],"summary":"Pickle Finance was a DeFi yield aggregator launched in September 2020 that allowed users to auto-compound returns via tokenized strategy vaults called 'Jars.' On November 21, 2020, an attacker exploited a combination of smart contract vulnerabilities in the unaudited ControllerV4 contract to drain 19,759,355 DAI (~$19.7 million) from the pDAI Jar in what analysts described as one of the most technically complex DeFi exploits of its era. The protocol subsequently partnered with Yearn Finance, issued a CORNICHON compensation token to victims, and continued operating until it announced a full shutdown effective October 1, 2025.","timeline":[{"date":"2020-09-11","event":"Pickle Finance launches on Ethereum at block 10838600 with a fair-launch PICKLE token distribution and no pre-mine.","source":""},{"date":"2020-09-15","event":"Protocol TVL surpasses $347 million within four days of launch, driven by DeFi Summer yield farming demand.","source":""},{"date":"2020-10-03","event":"MixBytes commences a smart contract audit covering ControllerV3 and existing Jar strategy contracts.","source":""},{"date":"2020-10-20","event":"HAECHI AUDIT completes its review of Pickle Finance smart contracts, covering ControllerV3 scope.","source":""},{"date":"2020-10-23","event":"ControllerV4 is deployed to mainnet with the new swapExactJarForJar() function, outside the scope of both completed audits.","source":""},{"date":"2020-11-21","event":"Attacker drains 19,759,355 DAI from the pDAI PickleJar using the 'Evil Jar' exploit, combining unvalidated jar swaps, code injection via CurveProxyLogic, and incorrect dust classification of cDAI. PICKLE token falls ~50%.","source":""},{"date":"2020-11-22","event":"Pickle Finance governance multi-sig granted emergency powers via Timelock at 3:15 PM UTC. CurveProxyLogic converter revoked from Controller one minute later, eliminating the attack vector.","source":""},{"date":"2020-11-24","event":"Yearn Finance and Pickle Finance announce a collaboration. CORNICHON compensation token introduced and distributed proportionally to hack victims based on pDAI Jar balance snapshot.","source":""},{"date":"2025-07-01","event":"Pickle Finance announces protocol shutdown, citing bear market conditions and saturated yield-aggregator market. 170,280 USDC treasury to be distributed to token holders.","source":""},{"date":"2025-10-01","event":"Pickle Finance UI disabled. Protocol fully sunsets after approximately five years of operation.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision fd90814c-2ac4-43b7-9e34-a5d185b941cb
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.