← Silo V23 decisions on this page

Audit log

Every state-changing event for Silo V2: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

#1publishby system:backfill
2026-05-29 02:28:29Z
Score: ? → ? (no score change)
anchoranchored
chain
●mainnet-betaslot 422,847,472
sig
2EBcdKv9s317…w5Cj2c7Jexplorer ↗
hash
DxKZVdHhWAsh…CpTnWgqWsha256 → base58
verifying row…full verify ↗
canonical bytes (8147 B) ▸
{"actor":"system:backfill","investigation_id":"713de2c4-1c19-48fb-a807-a613b6a5386a","kind":"publish","page_slug":"silo-v2","published_at":"2026-05-29T02:28:29.892Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Silo V2","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://docs.silo.finance/","type":"other","url":""},{"credibility":3,"name":"https://nansen.ai/post/what-is-silo-finance-defis-risk-isolated-lending-markets","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/silo-v2","type":"other","url":""},{"credibility":3,"name":"https://silopedia.silo.finance/silodao/usdsilo/token-allocation-and-vesting","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://silofinance.medium.com/post-mortem-unreleased-leverage-contract-exploitd-0ab8f37afcbb","type":"other","url":""},{"credibility":3,"name":"https://www.certora.com/blog/silo-incident-report-contract-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/how-silo-finance-lost-500k","type":"other","url":""},{"credibility":3,"name":"https://getfailsafe.com/ongoing-silo-finance-hack-what-you-need-to-know","type":"other","url":""},{"credibility":3,"name":"https://smartcontractshacking.com/hacks/silo-finance-hack-2025","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/how-silo-finance-lost-500k","type":"other","url":""},{"credibility":3,"name":"https://www.cryptopolitan.com/silo-finance-hacked-545k-in-loss-reported/","type":"other","url":""},{"credibility":3,"name":"https://cryptorank.io/news/feed/6f977-silo-finance-hacked-545k-in-loss-reported","type":"other","url":""},{"credibility":3,"name":"https://www.bitget.com/news/detail/12560604835357","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.certora.com/blog/silo-incident-report-contract-exploit","type":"other","url":""},{"credibility":3,"name":"https://immunefi.com/bug-bounty/silofinance-v2/information/","type":"other","url":""},{"credibility":3,"name":"https://medium.com/immunefi/silo-finance-logic-error-bugfix-review-35de29bd934a","type":"other","url":""},{"credibility":3,"name":"https://medium.com/silo-protocol/vulnerability-disclosure-2023-06-06-c1dfd4c4dbb8","type":"other","url":""},{"credibility":3,"name":"https://devdocs.silo.finance/security/audits-and-formal-verification","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.ainvest.com/news/silo-finance-loses-545-000-smart-contract-exploit-silo-price-drops-11-2506/","type":"other","url":""},{"credibility":3,"name":"https://www.okx.com/en-us/learn/silo-finance-exploit-smart-contract-breach","type":"other","url":""},{"credibility":3,"name":"https://www.mitrade.com/insights/news/live-news/article-3-915081-20250626","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://silofinance.medium.com/post-mortem-unreleased-leverage-contract-exploitd-0ab8f37afcbb","type":"other","url":""},{"credibility":3,"name":"https://www.certora.com/blog/silo-incident-report-contract-exploit","type":"other","url":""},{"credibility":3,"name":"https://medium.com/silo-protocol/vulnerability-disclosure-2023-06-06-c1dfd4c4dbb8","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.cryptopolitan.com/silo-finance-hacked-545k-in-loss-reported/","type":"other","url":""},{"credibility":3,"name":"https://phemex.com/news/article/silo-finance-exploit-results-in-545k-loss-11097","type":"other","url":""},{"credibility":3,"name":"https://www.ainvest.com/news/silo-finance-loses-545-000-smart-contract-exploit-silo-price-drops-11-2506/","type":"other","url":""}]}],"sources_used":[],"summary":"Silo V2 is a non-custodial, permissionless isolated lending market protocol operating across Ethereum, Arbitrum, Base, Optimism, and Sonic. On June 25, 2025, an unreleased peripheral leverage contract was exploited for approximately $545,000 (224 ETH) belonging to SiloDAO test funds; the team confirmed that all core markets and user deposits were unaffected. The incident revealed inadequate input validation and absent formal verification on pre-release code that had been deployed to mainnet, and the attacker subsequently laundered the stolen ETH through Tornado Cash.","timeline":[{"date":"2021-01-01","event":"Silo Finance founded and initial protocol design work begun on isolated lending market architecture.","source":""},{"date":"2023-04-27","event":"Whitehat submits critical vulnerability report via Immunefi disclosing interest rate model (IRMV1) flaw that could have exposed approximately $3 million in Ethereum-market deposits.","source":"Silo Finance vulnerability disclosure (Medium)","source_url":"https://medium.com/silo-protocol/vulnerability-disclosure-2023-06-06-c1dfd4c4dbb8"},{"date":"2023-05-01","event":"Silo deploys patched interest rate model (IRMv2), fixing the utilization ratio calculation vulnerability.","source":"Certora Silo Finance Post-Mortem","source_url":"https://www.certora.com/blog/silo-finance-post-mortem"},{"date":"2023-06-06","event":"Silo Finance publicly discloses the 2023 vulnerability and awards 100,000 USDC bug bounty to the whitehat reporter.","source":"Silo Finance Medium vulnerability disclosure","source_url":"https://medium.com/silo-protocol/vulnerability-disclosure-2023-06-06-c1dfd4c4dbb8"},{"date":"2024-01-01","event":"Silo V2 announced with expanded architecture: multichain deployment, programmable markets, Silo Vaults, and xSILO revenue token.","source":"Silo Finance 2024 Roadmap (Medium)","source_url":"https://medium.com/silo-protocol/silo-finance-2024-roadmap-4c3aadf31348"},{"date":"2025-05-28","event":"Cork Protocol exploited for approximately $12 million (3,761 wstETH); attacker address later linked to Silo Finance exploit.","source":"Bitget News / PeckShield","source_url":"https://www.bitget.com/news/detail/12560604835357"},{"date":"2025-06-25","event":"Silo Finance leverage contract exploit occurs at 14:11:23 UTC; 224 ETH (~$545,000 in SiloDAO test funds) drained via improper input validation in unreleased LeverageUsingSiloFlashloanWithGeneralSwap contract.","source":"Silo Finance post-mortem (Medium)","source_url":"https://silofinance.medium.com/post-mortem-unreleased-leverage-contract-exploitd-0ab8f37afcbb"},{"date":"2025-06-25","event":"Silo Finance pauses the affected contract on Ethereum and Sonic networks; confirms core markets and user funds unaffected.","source":"Silo Finance post-mortem (Medium)","source_url":"https://silofinance.medium.com/post-mortem-unreleased-leverage-contract-exploitd-0ab8f37afcbb"},{"date":"2025-06-25","event":"SILO token price drops approximately 11% following public disclosure of the exploit.","source":"Ainvest","source_url":"https://www.ainvest.com/news/silo-finance-loses-545-000-smart-contract-exploit-silo-price-drops-11-2506/"},{"date":"2025-06-25","event":"PeckShield flags attacker wallet as linked to the Cork Protocol exploit; both incidents involve Tornado Cash fund laundering.","source":"Cryptopolitan","source_url":"https://www.cryptopolitan.com/silo-finance-hacked-545k-in-loss-reported/"},{"date":"2025-06-25","event":"Attacker routes stolen 224 ETH through Tornado Cash in multiple transactions to obfuscate fund trail.","source":"QuillAudits hack analysis","source_url":"https://www.quillaudits.com/blog/hack-analysis/how-silo-finance-lost-500k"},{"date":"2025-06-26","event":"Certora publishes incident post-mortem acknowledging that Certora Prover was not applied to the exploited leverage contract, and that formal verification would have detected the user-controlled external call vulnerability.","source":"Certora incident report","source_url":"https://www.certora.com/blog/silo-incident-report-contract-exploit"}]},"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision 7fca6812-da86-456b-b8ae-d80be8633952
#2reviewby reviewerreviewer
2026-06-09 21:56:14Z
Score: 52 → 52 (no score change)
The Silo V2 investigation page is factually sound on its core claims: the June 25 2025 exploit date, amount (224 ETH / ~$545K), contract name, affected networks, SiloDAO fund ownership, Tornado Cash laundering, and Certora's formal-verification admission are all independently confirmed. Four claims are partially supported: the 2024 roadmap date is wrong (Feb 29, not Jan 1) and the roadmap does not mention 'xSILO revenue token'; the IRMv2 patch is framed as a single-day event when it was a multi-step rollout; and the Cork Protocol attacker link overstates the evidence (coincident Tornado Cash activity, not confirmed shared identity). No claims were found to be outright disputed or unverifiable. The most significant structural gap is that all seven section content fields are empty.
anchoranchored
chain
●mainnet-betaslot 425,413,507
sig
2xX2oa8tXaqH…VNvh9dXEexplorer ↗
hash
H1p64D153v55…9wp6XQ7Msha256 → base58
verifying row…full verify ↗
canonical bytes (1133 B) ▸
{"actor":"reviewer","decided_at":"2026-06-09T21:56:14.014Z","decision":"review","investigation_id":"713de2c4-1c19-48fb-a807-a613b6a5386a","new_score":52,"page_slug":"silo-v2","prev_score":52,"reason":"The Silo V2 investigation page is factually sound on its core claims: the June 25 2025 exploit date, amount (224 ETH / ~$545K), contract name, affected networks, SiloDAO fund ownership, Tornado Cash laundering, and Certora's formal-verification admission are all independently confirmed. Four claims are partially supported: the 2024 roadmap date is wrong (Feb 29, not Jan 1) and the roadmap does not mention 'xSILO revenue token'; the IRMv2 patch is framed as a single-day event when it was a multi-step rollout; and the Cork Protocol attacker link overstates the evidence (coincident Tornado Cash activity, not confirmed shared identity). No claims were found to be outright disputed or unverifiable. The most significant structural gap is that all seven section content fields are empty.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision c1159df2-afed-4ea5-903d-453d0d2e9e92
#3review reviseby judgejudge
2026-06-09 21:56:14Z
Score: 52 → 44 (-8)
Zero claims were outright disputed, and all core facts about the June 25 2025 exploit (224 ETH, SiloDAO test funds, LeverageUsingSiloFlashloanWithGeneralSwap contract, Tornado Cash laundering, Certora formal-verification admission) are confirmed by Tier 1 sources. Four claims are partially supported: claim_findings[10] (timeline[4]) carries a wrong roadmap date (Feb 29 not Jan 1) and an anachronistic xSILO reference; claim_findings[8] (timeline[2]) oversimplifies the IRMv2 rollout as a single-day event; and claim_findings[11] and claim_findings[15] (timeline[5] and timeline[9]) overstate the Cork Protocol attacker link as a confirmed attribution when sources only show coincident Tornado Cash activity. The most significant structural issue flagged at coverage_gaps[4] (priority: high) is that all seven section content fields are empty — the page has source citations but no written analysis, which must be corrected before the page can be considered complete.
anchoranchored
chain
●mainnet-betaslot 425,413,511
sig
BejamtMpWvNu…3kuqM7yfexplorer ↗
hash
49JgWR59bPbF…UgA8jyyAsha256 → base58
verifying row…full verify ↗
canonical bytes (1317 B) ▸
{"actor":"judge","decided_at":"2026-06-09T21:56:14.014Z","decision":"review_revise","investigation_id":"713de2c4-1c19-48fb-a807-a613b6a5386a","new_score":44,"page_slug":"silo-v2","prev_score":52,"reason":"Zero claims were outright disputed, and all core facts about the June 25 2025 exploit (224 ETH, SiloDAO test funds, LeverageUsingSiloFlashloanWithGeneralSwap contract, Tornado Cash laundering, Certora formal-verification admission) are confirmed by Tier 1 sources. Four claims are partially supported: claim_findings[10] (timeline[4]) carries a wrong roadmap date (Feb 29 not Jan 1) and an anachronistic xSILO reference; claim_findings[8] (timeline[2]) oversimplifies the IRMv2 rollout as a single-day event; and claim_findings[11] and claim_findings[15] (timeline[5] and timeline[9]) overstate the Cork Protocol attacker link as a confirmed attribution when sources only show coincident Tornado Cash activity. The most significant structural issue flagged at coverage_gaps[4] (priority: high) is that all seven section content fields are empty — the page has source citations but no written analysis, which must be corrected before the page can be considered complete.","score_delta":-8,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}
Verify offline (run on your own machine)
python -m src.verify_decision fb28f39b-bb7d-4646-a571-9594bbb3125d

How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.