Audit log

Every state-changing event for Sonne Finance: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

1. #1publishby system:backfill

   2026-05-20 15:26:56Z
   Score: ? → ? (no score change)
   anchoranchored

   chain

   ●mainnet-betaslot 421,012,576

   sig

   4REzGCqbwsRW…PTXcZ3i8copyexplorer ↗

   hash

   8bxEaCMMfmeQ…7yvzDkP4copysha256 → base58

   verifying row…full verify ↗

   canonical bytes (4967 B) ▸

   {"actor":"system:backfill","investigation_id":"46071ba8-e931-4806-addc-c35517a188ae","kind":"publish","page_slug":"sonne-finance","published_at":"2026-05-20T15:26:56.508Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Sonne Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://docs.sonne.finance/"},{"credibility":3,"name":"","type":"other","url":"https://blog.mexc.com/what-is-sonne-finance-sonne-creator-wilbur/"},{"credibility":3,"name":"","type":"other","url":"https://defillama.com/protocol/sonne-finance"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://medium.com/@SonneFinance/post-mortem-sonne-finance-exploit-12f3daa82b06"},{"credibility":3,"name":"","type":"other","url":"https://www.certik.com/resources/blog/sonne-finance-incident-analysis"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-sonne-finance-hack-may-2024"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/294508/lending-protocol-sonne-finance-faces-20-million-exploit-pauses-markets-on-optimism"},{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/tech/2024/05/15/sonne-finance-token-drops-60-after-20m-exploit-on-optimism"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.certik.com/resources/blog/sonne-finance-incident-analysis"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/coinmonks/sonne-finance-exploit-tracing-the-20-million-lost-to-the-hack-79140bbc3e7d"},{"credibility":3,"name":"","type":"other","url":"https://www.quillaudits.com/blog/hack-analysis/sonne-finance-hack"},{"credibility":3,"name":"","type":"other","url":"https://www.web3isgoinggreat.com/?id=sonne-finance-hack"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://therecord.media/sonne-finance-cryptocurrency-heist-bounty-offered"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/coinmonks/sonne-finance-exploit-tracing-the-20-million-lost-to-the-hack-79140bbc3e7d"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/@SonneFinance/post-mortem-sonne-finance-exploit-12f3daa82b06"},{"credibility":3,"name":"","type":"other","url":"https://x.com/beefyfinance/status/1790699510496215474"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-sonne-finance-hack-may-2024"},{"credibility":3,"name":"","type":"other","url":"https://www.certik.com/resources/blog/sonne-finance-incident-analysis"},{"credibility":3,"name":"","type":"other","url":"https://unchainedcrypto.com/20-million-exploited-from-sonne-finance-on-optimism/"},{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/sonne-finance-suffers-20m-exploit/"}]}],"sources_used":[],"summary":"Sonne Finance is a Compound V2 fork deployed on Optimism that was exploited for approximately $20 million on May 14, 2024, in what became the largest exploit in Optimism's history. The attack exploited a well-known precision-loss donation vulnerability in Compound V2 forks, triggered during the rollout of a new VELO token market; the attacker leveraged a multi-transaction deployment architecture and a two-day timelock window to manipulate exchange rates and drain user funds.","timeline":[{"date":"2022-09-01","event":"Sonne Finance launches on Optimism as a Compound V2 fork.","source":""},{"date":"2023-04-15","event":"Hundred Finance exploited via precision-loss donation attack on Compound V2 fork — the same vulnerability class later used against Sonne Finance.","source":""},{"date":"2024-05-04","event":"Sonne Improvement Proposal 15 introduced to add VELO token market to the Optimism deployment.","source":""},{"date":"2024-05-07","event":"SIP-15 passes unanimously with 2.3 million SONNE votes. Team queues multi-transaction market deployment on multisig with two-day timelock.","source":""},{"date":"2024-05-12","event":"Attacker executes preparatory transaction positioning for exploit once timelock expires.","source":""},{"date":"2024-05-14","event":"Timelock expires. Attacker executes donation attack against soVELO market, draining approximately $20 million across VELO, WETH, USDC.e, WBTC, wstETH, USDT, and USDC. SEAL contributor intervenes and preserves approximately $6.5 million in remaining funds.","source":""},{"date":"2024-05-15","event":"Sonne Finance pauses all Optimism markets. Team announces exploit publicly, offers 10% bounty to attacker for fund return. SONNE token drops over 60%.","source":""},{"date":"2024-05-26","event":"Attacker transfers 1,600 ETH (approximately $6.2 million) to Tornado Cash.","source":""}]},"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 13aae22c-fd88-402d-89b6-de2edae5f999copy
2. #2reviewby reviewerreviewer

   2026-06-15 19:50:05Z
   Score: 10 → 10 (no score change)
   The Sonne Finance page is substantively accurate. All major claims — exploit amount, date, mechanism, assets drained, SEAL intervention, token drop, bounty offer, and Tornado Cash transfer — are confirmed by multiple tier-1 sources. Two claims are partially supported: the specific '2.3 million SONNE votes' figure for SIP-15 cannot be independently verified, and the May 12 preparatory transaction date is corroborated only by CertiK. One cited URL (The Block) returned 403 due to bot protection, which may indicate access restriction rather than true link rot. A significant omission is that yAudit had pre-flagged this exact attack vector as a high finding, which is relevant to assessing protocol negligence.
   anchoranchored

   chain

   ●mainnet-betaslot 426,700,987

   sig

   5RW7HpQvKtCw…s5SxYTVXcopyexplorer ↗

   hash

   aYaV8GdStZCK…bWa34eNacopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1061 B) ▸

   {"actor":"reviewer","decided_at":"2026-06-15T19:50:05.578Z","decision":"review","investigation_id":"46071ba8-e931-4806-addc-c35517a188ae","new_score":10,"page_slug":"sonne-finance","prev_score":10,"reason":"The Sonne Finance page is substantively accurate. All major claims — exploit amount, date, mechanism, assets drained, SEAL intervention, token drop, bounty offer, and Tornado Cash transfer — are confirmed by multiple tier-1 sources. Two claims are partially supported: the specific '2.3 million SONNE votes' figure for SIP-15 cannot be independently verified, and the May 12 preparatory transaction date is corroborated only by CertiK. One cited URL (The Block) returned 403 due to bot protection, which may indicate access restriction rather than true link rot. A significant omission is that yAudit had pre-flagged this exact attack vector as a high finding, which is relevant to assessing protocol negligence.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision abc1ee91-8265-4fbe-b0db-1c870e9c1814copy
3. #3review approveby judgejudge

   2026-06-15 19:50:05Z
   Score: 10 → 52 (+42)
   The reviewer examined 18 claims and found zero disputed. Fifteen claims are fully confirmed by Tier 1 sources including CertiK, Halborn, The Record, and CoinDesk; two claims are partially supported (the '2.3 million SONNE votes' figure in claim_findings[9] and the May 12 preparatory transaction date in claim_findings[11]) where the core facts hold but specific figures lack independent corroboration. One citation returned 403 (The Block), consistent with bot-protection rather than true link rot. The one high-priority coverage gap — that yAudit pre-flagged this exact attack vector before the exploit — is an omission that warrants expansion but does not dispute any published claim. The page is factually sound and approved as written.
   anchoranchored

   chain

   ●mainnet-betaslot 426,700,991

   sig

   3LQKyJf1cdg1…BTB5Vzaecopyexplorer ↗

   hash

   C55ikLT611Tj…A4Mz8KBNcopysha256 → base58

   verifying row…full verify ↗

   canonical bytes (1095 B) ▸

   {"actor":"judge","decided_at":"2026-06-15T19:50:05.578Z","decision":"review_approve","investigation_id":"46071ba8-e931-4806-addc-c35517a188ae","new_score":52,"page_slug":"sonne-finance","prev_score":10,"reason":"The reviewer examined 18 claims and found zero disputed. Fifteen claims are fully confirmed by Tier 1 sources including CertiK, Halborn, The Record, and CoinDesk; two claims are partially supported (the '2.3 million SONNE votes' figure in claim_findings[9] and the May 12 preparatory transaction date in claim_findings[11]) where the core facts hold but specific figures lack independent corroboration. One citation returned 403 (The Block), consistent with bot-protection rather than true link rot. The one high-priority coverage gap — that yAudit pre-flagged this exact attack vector before the exploit — is an omission that warrants expansion but does not dispute any published claim. The page is factually sound and approved as written.","score_delta":42,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}

   Verify offline (run on your own machine)

   python -m src.verify_decision 880564c2-538e-4838-8b6a-ec52f5189bf3copy