Skip to main content
Sign in
Superfluid1 decision on this page

Audit log

Every state-changing event for Superfluid: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-28 17:37:56Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,767,122
    sig
    Z5tHb1yQSRTN…8aoXfkanexplorer ↗
    hash
    9CWJa8nkEdFi…sr1CbT49sha256 → base58
    verifying row…full verify ↗
    canonical bytes (5439 B) ▸
    {"actor":"system:backfill","investigation_id":"3fa226c1-40b6-4785-9498-9ad2b6d997fb","kind":"publish","page_slug":"superfluid","published_at":"2026-05-28T17:37:56.348Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Superfluid","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/superfluid-blog/08-02-22-exploit-post-mortem-15ff9c97cdd","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/superfluid-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-superfluid-hack-february-2022","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=2022-02-08-2","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/superfluid-blog/08-02-22-exploit-post-mortem-15ff9c97cdd","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/polygon-stablecoin-qidao-exploited-for-13m-on-superfluid-vested-contract","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/qidao-experiences-exploit-of-superfluid-smart-contract-code-20m-estimated-to-be-lost/","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/superfluid-rekt","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/superfluid-blog/strengthening-superfluid-protocol-security-with-additional-third-party-audits-c17c2ca93e73","type":"other","url":""},{"credibility":3,"name":"https://medium.com/superfluid-blog/results-from-halborn-smart-contracts-audit-5070a2945357","type":"other","url":""},{"credibility":3,"name":"https://reports.electisec.tech/reports/06-2022-Superfluid","type":"other","url":""},{"credibility":3,"name":"https://immunefi.com/bug-bounty/superfluid/information/","type":"other","url":""},{"credibility":3,"name":"https://github.com/sherlock-audit/2025-06-superfluid-locker-system","type":"other","url":""},{"credibility":3,"name":"https://audits.sherlock.xyz/contests/648","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.theblock.co/post/111139/ethereum-money-streaming-protocol-superfluid-raises-9-million-seed","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/278615/ethereum-token-streaming-protocol-superfluid-strategic-funding","type":"other","url":""},{"credibility":3,"name":"https://superfluid.org/post/superfluid-secures-usd5-1m-to-boost-growth","type":"other","url":""},{"credibility":3,"name":"https://www.cbinsights.com/company/superfluid-finance/people","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://superfluid.org/post/introducing-sup-the-superfluid-token","type":"other","url":""},{"credibility":3,"name":"https://icodrops.com/superfluid/","type":"other","url":""},{"credibility":3,"name":"https://www.chaincatcher.com/en/article/2168549","type":"other","url":""}]}],"sources_used":[],"summary":"Superfluid is an asset streaming and programmable cash flow protocol founded in 2020, deployed across Ethereum, Polygon, and multiple other EVM chains. On February 8, 2022, an attacker exploited a context serialization vulnerability in the protocol's host contract, draining approximately $8.7 million in assets from multiple projects including QiDAO, Stake DAO, Stacker Ventures, and Museum of Crypto Art. The protocol patched the vulnerability within hours, partially compensated affected parties, and has continued operating with additional audits and a native SUP token launch in 2025.","timeline":[{"date":"2020-01-01","event":"Superfluid protocol founded by Francesco Renzi, Miao, and Michele D'Aliessi","source":""},{"date":"2021-07-13","event":"Superfluid raises $9 million seed round led by Multicoin Capital","source":""},{"date":"2022-02-08","event":"Attacker exploits context serialization vulnerability in Superfluid host contract, draining approximately $8.7 million from vesting contracts across QiDAO, Stake DAO, Stacker Ventures, and Museum of Crypto Art","source":""},{"date":"2022-02-08","event":"Emergency protocol upgrade deployed within ~4 hours of exploit; $1 million bounty offered to attacker for fund return","source":""},{"date":"2022-02-09","event":"Superfluid recapitalizes 80% of affected addresses with direct USDC transfer within 18 hours; longer-term compensation plan negotiated for remaining losses","source":""},{"date":"2022-06-01","event":"Halborn and yAcademy (Electisec) complete post-exploit security audits; no new critical vulnerabilities found","source":""},{"date":"2024-02-22","event":"Superfluid raises $5.1 million strategic round led by Fabric Ventures","source":""},{"date":"2025-02-19","event":"Superfluid introduces SUP governance token with 1 billion total supply; 60% allocated to community","source":""},{"date":"2025-06-04","event":"Sherlock competitive audit of Superfluid Locker System identifies multiple medium-severity vulnerabilities in SUP staking and vesting contracts","source":""},{"date":"2025-08-05","event":"SUP token lists on Binance Alpha; price declines 25-30% within 24 hours on airdrop sell pressure","source":""},{"date":"2025-11-22","event":"Superfluid Token Generation Event (TGE) concludes","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision e81ce9b5-ffe6-4b8a-a5c0-ff71031f01e6
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.