Skip to main content
Sign in
SIR (Synthetics Implemented Right)1 decision on this page

Audit log

Every state-changing event for SIR (Synthetics Implemented Right): moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-30 04:06:04Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 423,080,271
    sig
    3YagH2g32yQS…2nWoWmoiexplorer ↗
    hash
    EgBNBqtr71df…D2nft6ZSsha256 → base58
    verifying row…full verify ↗
    canonical bytes (5885 B) ▸
    {"actor":"system:backfill","investigation_id":"8e8cda68-7a31-4dd2-b75f-7189f98ab0e2","kind":"publish","page_slug":"sir","published_at":"2026-05-30T04:06:03.956Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"SIR (Synthetics Implemented Right)","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@xatarra/sir-pleased-to-meet-you-32b92f0e6fc7","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/defi-protocol-sir-trading-loses-entire-355-k-tvl-exploit","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/sirtrading-rekt","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://research.blockscope.co/sir-protocol-exploit/","type":"other","url":""},{"credibility":3,"name":"https://defihacklabs.substack.com/p/sir-exploit-355k-loss-vulnerability","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/synthetics-implemented-right-sir-hack-analysis-837d328c4c30","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/sirtrading-rekt","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/defi-protocol-sir-trading-loses-entire-355-k-tvl-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://github.com/Egis-Security/audits/blob/main/README.md","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/sirtrading-rekt","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/synthetics-implemented-right-sir-hack-analysis-837d328c4c30","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/sir-trading-offers-attacker-100k-bounty-after-losing-entire-tvl-to-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://crypto.news/sir-trading-offers-attacker-100k-bounty-after-losing-entire-tvl-to-exploit/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/sir-trading-founder-begs-hacker-return-funds-or-wont-survive","type":"other","url":""},{"credibility":3,"name":"https://research.blockscope.co/sir-protocol-exploit/","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/sirtrading-rekt","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/sirtrading-rekt","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/sir-trading-offers-attacker-100k-bounty-after-losing-entire-tvl-to-exploit/","type":"other","url":""},{"credibility":3,"name":"https://dexscreener.com/ethereum/0xd213f59f057d32194592f22850f4f077405f9bc1","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://en.wikipedia.org/wiki/ZachXBT","type":"other","url":""},{"credibility":3,"name":"https://zachxbt.mirror.xyz/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://research.blockscope.co/sir-protocol-exploit/","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/sirtrading-rekt","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/synthetics-implemented-right-sir-hack-analysis-837d328c4c30","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/defi-protocol-sir-trading-loses-entire-355-k-tvl-exploit","type":"other","url":""}]}],"sources_used":[],"summary":"SIR (Synthetics Implemented Right), operating as SIR.trading, is an Ethereum-based DeFi protocol offering non-liquidating leveraged tokens and synthetic assets. On March 30, 2025, just 39 days after its February 20 mainnet launch, the protocol's Vault contract was completely drained of its entire $355,000 TVL through an exploit targeting a novel misuse of Ethereum's transient storage (EIP-1153) introduced in the Dencun upgrade. The attacker laundered proceeds through Railgun; the founder publicly pleaded for a partial return of funds; the protocol subsequently relaunched after completing four additional security audits.","timeline":[{"date":"2021-07-20","event":"Founder Xatarrer publishes introductory Medium post announcing SIR (Synthetics Implemented Right) and recruiting developers","source":""},{"date":"2025-01-01","event":"Egis Security completes pre-launch audit, identifying 3 high, 2 medium, and 2 low severity issues","source":""},{"date":"2025-01-30","event":"Attacker deploys dummy ERC-20 tokens and creates a Uniswap V3 pool with controlled liquidity in preparation for the exploit","source":""},{"date":"2025-02-20","event":"SIR.trading launches on Ethereum mainnet; TVL begins growing organically toward approximately $400,000","source":""},{"date":"2025-03-30","event":"Attacker exploits transient storage collision in Vault contract's uniswapV3SwapCallback function, draining entire $355,000 TVL; stolen funds laundered through Railgun within minutes; TenArmorAlert and Decurity detect and publicize the attack","source":""},{"date":"2025-03-31","event":"Founder Xatarrer posts on-chain plea to attacker, offering $100,000 (28% of stolen funds) as a bounty in exchange for return of the remainder, pledging no legal action","source":""},{"date":"2025-04-01","event":"SIR.trading contacts Railgun directly seeking assistance in tracing or recovering stolen funds; attacker does not respond to bounty offer","source":""},{"date":"2025-04-01","event":"Protocol team announces intent to rebuild; seeks auditors willing to work for token equity given depleted funds","source":""},{"date":"2025-09-01","event":"Protocol reports completion of four additional security audits and announces relaunch at app.sir.trading","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 07a3f980-6707-4867-9348-c081c8010e67
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.