Audit log

Every state-changing event for Silo Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-29 17:31:36Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 422,984,247

   sig

   3JHF5JeYvdRS…7YKvQ76ncopyexplorer ↗

   hash

   6uXrbpqCEtow…THhZD3TJcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (6526 B) ▸

   {"actor":"system:backfill","investigation_id":"56838e34-4563-4210-9f8e-bc439f96bf7c","kind":"publish","page_slug":"silo-finance","published_at":"2026-05-29T17:31:36.763Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Silo Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/silo-protocol/silo-is-live-in-beta-mainnet-94b6b0164258","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/silo-v1","type":"other","url":""},{"credibility":3,"name":"https://gov.silo.finance/t/a-plan-to-deprecate-xai-stablecoin/443","type":"other","url":""},{"credibility":3,"name":"https://nansen.ai/post/what-is-silo-finance-defis-risk-isolated-lending-markets","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/silo-protocol/vulnerability-disclosure-2023-06-06-c1dfd4c4dbb8","type":"other","url":""},{"credibility":3,"name":"https://medium.com/immunefi/silo-finance-logic-error-bugfix-review-35de29bd934a","type":"other","url":""},{"credibility":3,"name":"https://medium.com/certora/silo-finance-post-mortem-3b690fffeb08","type":"other","url":""},{"credibility":3,"name":"https://www.certora.com/blog/silo-finance-post-mortem","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://hackmd.io/@yesthatdog/silo-whitehat","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://devdocs.silo.finance/security/audits-and-formal-verification","type":"other","url":""},{"credibility":3,"name":"https://cryptopanic.com/news/16005261/RT-SiloFinance-4-Silo-v111-is-audited-by-ABDK-amp-Quantstamp-The-deployed-version-differs-from-the-audited-one-Read-about-the-audi","type":"other","url":""},{"credibility":3,"name":"https://www.certora.com/reports/silo-report","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://silopedia.silo.finance/silodao/usdsilo","type":"other","url":""},{"credibility":3,"name":"https://iq.wiki/wiki/silo-finance","type":"other","url":""},{"credibility":3,"name":"https://resources.silo.finance/governance/the-silo-dao","type":"other","url":""},{"credibility":3,"name":"https://www.coingecko.com/en/coins/silo-finance","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://silodocs2.netlify.app/docs/security/risks/","type":"other","url":""},{"credibility":3,"name":"https://silopedia.silo.finance/risks/overview","type":"other","url":""},{"credibility":3,"name":"https://gov.silo.finance/t/a-plan-to-deprecate-xai-stablecoin/443","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/silo-v1","type":"other","url":""},{"credibility":3,"name":"https://hackmd.io/@yesthatdog/silo-whitehat","type":"other","url":""},{"credibility":3,"name":"https://immunefi.com/bug-bounty/silofinance/","type":"other","url":""}]}],"sources_used":[],"summary":"Silo Finance V1 is a non-custodial isolated lending protocol launched on Ethereum mainnet in August 2022, enabling permissionless markets for long-tail crypto assets by confining risk to individual lending pools (Silos). The protocol experienced two security incidents in 2023: a critical interest rate manipulation vulnerability discovered by a white-hat researcher (no user funds lost) and a white-hat drain of approximately $45,000 in SILO incentive tokens due to a separate contract flaw. The deployed production version of V1 diverges from the audited codebase, a risk the team has publicly acknowledged but not fully remediated through re-audit.","timeline":[{"date":"2021-12-01","event":"SILO governance token launch; protocol begins minting 1 billion tokens over four years.","source":""},{"date":"2022-01-01","event":"Early community airdrop distributed to initial participants.","source":""},{"date":"2022-04-01","event":"SILO token reaches all-time high of approximately $1.05.","source":""},{"date":"2022-05-07","event":"Certora begins formal verification of Silo V1 protocol; process runs through July 15, 2022.","source":""},{"date":"2022-07-15","event":"Certora formal verification completes; five issues uncovered (two high, three medium) that ABDK and Quantstamp had missed.","source":""},{"date":"2022-08-01","event":"Silo V1 launches in beta on Ethereum mainnet with nine pools capped at 500 ETH each.","source":""},{"date":"2022-09-01","event":"Silo V1 full public launch on Ethereum mainnet.","source":""},{"date":"2023-02-01","event":"Silo V1 deployed on Arbitrum.","source":""},{"date":"2023-04-27","event":"White-hat researcher @kankodu reports critical interest rate manipulation vulnerability (IRMv1) via Immunefi; estimated $3 million at risk on Ethereum mainnet.","source":""},{"date":"2023-05-01","event":"New interest rate model (IRMv2) coded, tested, and deployed on Arbitrum markets, capping utilization at 100% and interest at 10,000% per year.","source":""},{"date":"2023-05-07","event":"Governance proposal executed on Ethereum to transfer control and apply IRMv2 fix to mainnet markets.","source":""},{"date":"2023-05-10","event":"Certora begins formal verification of IRMv2 fix.","source":""},{"date":"2023-05-24","event":"Certora confirms IRMv2 eliminates all identified exploit vectors; no user funds were lost.","source":""},{"date":"2023-06-06","event":"Silo Finance publishes public vulnerability disclosure detailing the IRMv1 flaw, attack mechanics, and remediation. Immunefi publishes bugfix review. Bounty of 100,000 USDC awarded to researcher.","source":""},{"date":"2023-07-21","event":"RAMSES protocol discovers vulnerability in Silo incentives contract allowing full drain of approximately $45,000 in SILO tokens. Immunefi closes bug report as out-of-scope. RAMSES performs white-hat drain to RAMSES Treasury.","source":""},{"date":"2023-07-22","event":"RAMSES contacts Silo team directly; drained funds returned in full. Both parties attribute communication failure to Immunefi triage process.","source":""},{"date":"2024-01-01","event":"Governance proposal to deprecate XAI stablecoin published, citing peg instability and pool imbalances.","source":""},{"date":"2024-01-01","event":"Silo Finance publishes 2024 roadmap announcing transition toward V2 architecture.","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 7b847416-b0dd-4716-a96e-87f697a2d895copy
2. #2reviewby reviewerreviewer

   2026-06-09 23:46:57Z
   Score: 52 → 52 (no score change)
   The investigation page is largely accurate and well-sourced. The core security incidents (IRMv1 vulnerability, RAMSES white-hat drain, audit divergence) are confirmed with high fidelity. The main weaknesses are minor date discrepancies (IRMv2 Arbitrum deployment, Immunefi review publication, 2024 roadmap date), a slight ATH price overstatement ($1.05 vs the $0.91-$0.96 range in primary price trackers), one cryptopanic link returning HTTP 403, and a significant omission: a $545K exploit of a leverage contract on June 25, 2025 is entirely absent from the page, representing a material gap given it is within the investigation's coverage scope.
   anchoranchored

   chain

   ●mainnet-betaslot 425,430,293

   sig

   cdWH6qBttHyV…zGaXKUxocopyexplorer ↗

   hash

   GCxngRLr3jnB…LWxSbZKNcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (995 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-09T23:46:57.577Z","decision":"review","investigation_id":"56838e34-4563-4210-9f8e-bc439f96bf7c","new_score":52,"page_slug":"silo-finance","prev_score":52,"reason":"The investigation page is largely accurate and well-sourced. The core security incidents (IRMv1 vulnerability, RAMSES white-hat drain, audit divergence) are confirmed with high fidelity. The main weaknesses are minor date discrepancies (IRMv2 Arbitrum deployment, Immunefi review publication, 2024 roadmap date), a slight ATH price overstatement ($1.05 vs the $0.91-$0.96 range in primary price trackers), one cryptopanic link returning HTTP 403, and a significant omission: a $545K exploit of a leverage contract on June 25, 2025 is entirely absent from the page, representing a material gap given it is within the investigation's coverage scope.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 9c9d6b77-802c-4b09-9f1c-e26fc2b00ed3copy
3. #3review approveby judgejudge

   2026-06-09 23:46:57Z
   Score: 52 → 47 (-5)
   The review found zero disputed claims across 22 checked (4.5% disputed_pct, entirely from partially_supported findings), placing this page firmly in the approve band. The five partially-supported findings are all minor: off-by-one date discrepancies in claim_findings[13] and [14] (IRMv2 Arbitrum deployment date, Immunefi bugfix review publication date), a ~10% ATH price overstatement in claim_findings[7] ($1.05 vs $0.91-0.96 on primary trackers), and a roadmap publication date error in claim_findings[22]. Core security incident claims — the IRMv1 vulnerability, RAMSES white-hat drain, and audited-vs-deployed divergence — are all confirmed by Tier 1 sources. A small score penalty of -5 is applied to account for the minor inaccuracies and one instance of link rot (cryptopanic citation, HTTP 403). The high-priority coverage gap — a June 2025 $545K exploit of a pre-release leverage contract — is a material omission that warrants editorial expansion but does not invalidate the existing V1 investigation content.
   anchoranchored

   chain

   ●mainnet-betaslot 425,430,297

   sig

   5JBDrDCG8BQT…4qPcZR6Fcopyexplorer ↗

   hash

   Cn5EHoHcYDkg…WJKousJscopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1375 B) ▸

   {"actor":"judge","decided_at":"2026-06-09T23:46:57.577Z","decision":"review_approve","investigation_id":"56838e34-4563-4210-9f8e-bc439f96bf7c","new_score":47,"page_slug":"silo-finance","prev_score":52,"reason":"The review found zero disputed claims across 22 checked (4.5% disputed_pct, entirely from partially_supported findings), placing this page firmly in the approve band. The five partially-supported findings are all minor: off-by-one date discrepancies in claim_findings[13] and [14] (IRMv2 Arbitrum deployment date, Immunefi bugfix review publication date), a ~10% ATH price overstatement in claim_findings[7] ($1.05 vs $0.91-0.96 on primary trackers), and a roadmap publication date error in claim_findings[22]. Core security incident claims — the IRMv1 vulnerability, RAMSES white-hat drain, and audited-vs-deployed divergence — are all confirmed by Tier 1 sources. A small score penalty of -5 is applied to account for the minor inaccuracies and one instance of link rot (cryptopanic citation, HTTP 403). The high-priority coverage gap — a June 2025 $545K exploit of a pre-release leverage contract — is a material omission that warrants editorial expansion but does not invalidate the existing V1 investigation content.","score_delta":-5,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision f8c966ff-4c17-42fa-bf62-314a6a4323dacopy