Skip to main content
Sign in
Raft1 decision on this page

Audit log

Every state-changing event for Raft: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-27 18:53:47Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,560,467
    sig
    57LK9y8PUfPf…psv9S976explorer ↗
    hash
    FbYVjgafjCeV…CU9nBbzQsha256 → base58
    verifying row…full verify ↗
    canonical bytes (5411 B) ▸
    {"actor":"system:backfill","investigation_id":"6bb5a53f-0195-4fbc-a3fb-9b7e73163f69","kind":"publish","page_slug":"raft","published_at":"2026-05-27T18:53:47.226Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Raft","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://iq.wiki/wiki/raft","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/raft","type":"other","url":""},{"credibility":3,"name":"https://www.gate.com/learn/articles/all-you-need-to-know-about-raft/1113","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2023/11/10/defi-platform-raft-suffers-33m-exploit-but-hacker-likely-takes-a-loss-on-the-attack","type":"other","url":""},{"credibility":3,"name":"https://cryptodaily.co.uk/2023/11/security-audits-miss-vulnerabilities-as-raft-hacked-for-67m","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=raft-hack","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2023/11/11/hacker-exploits-raft-finance-stole-1577-eth-just-to-burn-it/","type":"other","url":""},{"credibility":3,"name":"https://metatrust.io/blogs/post/when-hacking-goes-haywire-rafts-1570-eth-loss-takes-a-cosmic-detour-to-the-black-hole","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptodaily.co.uk/2023/11/security-audits-miss-vulnerabilities-as-raft-hacked-for-67m","type":"other","url":""},{"credibility":3,"name":"https://blockworks.co/news/audits-cannot-guarantee-defi-exploits","type":"other","url":""},{"credibility":3,"name":"https://hatsfinance.medium.com/raft-finance-audit-competition-final-note-16e87dce23a2","type":"other","url":""},{"credibility":3,"name":"https://hatsfinance.medium.com/get-ready-for-a-new-audit-competition-with-raft-finance-up-to-80k-in-prizes-d25349aec7e5","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2023/11/10/defi-platform-raft-suffers-33m-exploit-but-hacker-likely-takes-a-loss-on-the-attack","type":"other","url":""},{"credibility":3,"name":"https://www.chaincatcher.com/en/article/2105941","type":"other","url":""},{"credibility":3,"name":"https://www.theblockbeats.info/en/flash/194388","type":"other","url":""},{"credibility":3,"name":"https://www.aicoin.com/en/article/374606","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/raft","type":"other","url":""},{"credibility":3,"name":"https://blockworks.co/news/audits-cannot-guarantee-defi-exploits","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.rootdata.com/Projects/detail/Raft?k=ODE1MA%3D%3D","type":"other","url":""},{"credibility":3,"name":"https://www.gate.com/learn/articles/all-you-need-to-know-about-raft/1113","type":"other","url":""}]}],"sources_used":[],"summary":"Raft is a decentralized Ethereum CDP lending protocol that issued the R stablecoin, collateralized by liquid staking tokens (stETH, rETH). On November 10, 2023, an attacker exploited a precision loss vulnerability to mint approximately $6.7 million in unbacked R tokens, draining 1,577 ETH from the protocol and causing the R stablecoin to depeg by up to 50%. Due to a coding error the attacker burned 1,570 of the stolen ETH to an inaccessible burn address, effectively losing money on the attack; the protocol subsequently implemented a partial recovery plan offering approximately 42% restitution to affected users and announced plans to phase out the current version.","timeline":[{"date":"2021-05-01","event":"David Garai founds Tempus Finance, the parent organization behind Raft.","source":""},{"date":"2022-08-01","event":"Tempus Labs launches Nostra Finance on StarkNet.","source":""},{"date":"2023-03-01","event":"Raft protocol officially announced; enables borrowing of R stablecoin against stETH collateral on Ethereum mainnet.","source":""},{"date":"2023-06-01","event":"Raft deploys to Ethereum mainnet.","source":""},{"date":"2023-07-01","event":"Raft TVL peaks at approximately $64 million.","source":""},{"date":"2023-11-10","event":"Attacker uses flash loan of 6,000 cbETH to exploit precision loss vulnerability, minting ~6.7 million unbacked R tokens and draining 1,577 ETH (~$3.3M). Attacker burns 1,570 ETH by mistake. R stablecoin depegs by up to 50%.","source":""},{"date":"2023-11-10","event":"Raft pauses R stablecoin minting. Co-founder David Garai confirms the attack on X and pledges recovery effort using PSM funds.","source":""},{"date":"2023-11-13","event":"Raft publishes post-mortem report acknowledging audit failures and precision loss root cause.","source":""},{"date":"2024-01-01","event":"Raft finalizes recovery plan offering approximately 42% restitution to affected R stablecoin holders, funded by 3.96 million DAI from the PSM.","source":""},{"date":"2024-03-31","event":"Deadline for affected users to claim funds under the Raft Recovery Plan.","source":""},{"date":"2024-06-01","event":"Protocol TVL has declined to approximately $1.48 million; R stablecoin remains depegged with minimal liquidity.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision d769ef7d-c18a-465a-b45e-1db74d2ac8ba
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.