Skip to main content
Sign in
Unilend V21 decision on this page

Audit log

Every state-changing event for Unilend V2: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-29 16:47:23Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,977,559
    sig
    4xW19rgZHvyb…8Acf2XRrexplorer ↗
    hash
    DmbrQj82gVom…WdJW7Pd2sha256 → base58
    verifying row…full verify ↗
    canonical bytes (5489 B) ▸
    {"actor":"system:backfill","investigation_id":"b6075eb2-366b-46f4-8d71-dbe0f73034c8","kind":"publish","page_slug":"unilend-v2","published_at":"2026-05-29T16:47:22.950Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Unilend V2","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://unilend.medium.com/unilend-v2-is-now-live-5b3d76831bf6","type":"other","url":""},{"credibility":3,"name":"https://techbullion.com/unilend-v2-launched-on-mainnet-first-ever-permissionless-lending-borrowing-protocol-for-all-digital-assets/","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/currencies/unilend/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://slowmist.medium.com/analysis-of-the-unilend-hack-90022fa35a54","type":"other","url":""},{"credibility":3,"name":"https://medium.com/coinmonks/how-a-200k-exploit-unfolded-at-unilend-04fb4918292d","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/defi-protocol-unilend-finance-exploited-for-197000/","type":"other","url":""},{"credibility":3,"name":"https://www.the-blockchain.com/2025/01/13/unilend-finance-losses-197-6k-to-a-redeem-process-vulnerability-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://unilend.medium.com/a-deep-dive-into-unilend-v2s-security-c1b95d2439f5","type":"other","url":""},{"credibility":3,"name":"https://www.scribd.com/document/860759163/PeckShield-Audit-UniLendV2","type":"other","url":""},{"credibility":3,"name":"https://unilend.gitbook.io/unilend-finance/audit-report","type":"other","url":""},{"credibility":3,"name":"https://www.vibraniumaudits.com/post/unilend-finance-exploited-for-nearly-200-000","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://x.com/UniLend_Finance/status/1878805205254340844","type":"other","url":""},{"credibility":3,"name":"https://www.coinspeaker.com/unilend-finance-suffers-196200-loss-vulnerability-exploit/","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/?id=unilend-exploit","type":"other","url":""},{"credibility":3,"name":"https://www.the-blockchain.com/2025/01/13/unilend-finance-losses-197-6k-to-a-redeem-process-vulnerability-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/unilend-v2","type":"other","url":""},{"credibility":3,"name":"https://coinmarketcap.com/currencies/unilend/","type":"other","url":""},{"credibility":3,"name":"https://www.gate.com/learn/articles/the-200k-dollars-uni-lend-hack-what-went-wrong-and-how-de-fi-can-do-better/5931","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/coinmonks/how-a-200k-exploit-unfolded-at-unilend-04fb4918292d","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/unilend-finance-hack-analysis-5ac7bb71850d","type":"other","url":""},{"credibility":3,"name":"https://olympix.security/biweekly-exploits/unilends-sequencing-bug-orange-finances-key-leak-and-labubus-transfer-logic-fail","type":"other","url":""},{"credibility":3,"name":"https://t.signalplus.com/crypto-news/detail/unilend-hack-contract-vulnerability-197k-loss","type":"other","url":""}]}],"sources_used":[],"summary":"UniLend V2 is a permissionless DeFi lending and borrowing protocol deployed on Ethereum mainnet in February 2024, designed to support all ERC-20 tokens via isolated dual-asset pools. On January 12, 2025, the protocol suffered a smart contract exploit that drained approximately $197,000 from its stETH pool due to a logic flaw in health factor calculations during the asset redemption process. Despite having been audited by PeckShield and SlowMist prior to launch, the exploited vulnerability was not caught or fully remediated, and as of the last available reporting the attacker's 20% bounty offer had not yielded a fund recovery.","timeline":[{"date":"2020-01-01","event":"UniLend Finance founded by Chandresh Aharwar, Tarun Malik, and Suryansh Kumar.","source":""},{"date":"2021-03-14","event":"UFT token reaches all-time high of approximately $3.77 USD.","source":""},{"date":"2024-02-12","event":"UniLend V2 launches on Ethereum mainnet as the first permissionless lending and borrowing protocol for all ERC-20 tokens, following audits by PeckShield and SlowMist.","source":""},{"date":"2025-01-12","event":"UniLend V2 exploited via flash loan attack exploiting stale health factor calculation logic, resulting in approximately $197,000 in losses from the stETH lending pool. Attacker address: 0x55f5f8058816d5376df310770ca3a2e294089c33.","source":""},{"date":"2025-01-13","event":"UniLend Finance posts official acknowledgment of the exploit on X, confirms $200K loss (~4% of $4.7M TVL), advises against V2 deposits, and confirms V1 funds are safe.","source":""},{"date":"2025-01-13","event":"SlowMist publishes technical post-mortem identifying stale balance reads in checkHealthFactorLtv0 and checkHealthFactorLtv1 as root cause.","source":""},{"date":"2025-01-13","event":"UniLend Finance offers the attacker a 20% bounty (~$40,000) for return of stolen funds; no public confirmation of recovery reported in subsequent sources.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 74b8a5d9-d91b-4787-a42f-1914d4e322f9
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.