Verify a decision

{"actor":"system:backfill","investigation_id":"38e6185e-4f23-4b8e-bba3-079c35de72e6","kind":"publish","page_slug":"pickle-finance","published_at":"2026-05-30T19:10:28.687Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Pickle Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/kind-of-a-big-dill-picklefinance-tvl-exceed-347m-in-4-days","type":"other","url":""},{"credibility":3,"name":"https://picklefinance.medium.com/pickle-finance-launch-beea2eb8eacb","type":"other","url":""},{"credibility":3,"name":"https://docs.pickle.finance","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cryptotesters.com/review/what-is-pickle-finance","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/defi/pickle-finance-sounds-like-a-joke-but-it-wants-to-bring-stability-to-defi","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-defi-protocol-pickle-finance-hack-nov-2020","type":"other","url":""},{"credibility":3,"name":"https://github.com/banteg/evil-jar/blob/master/readme.md","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/pickle-finance-rekt","type":"other","url":""},{"credibility":3,"name":"https://picklefinance.medium.com/pickle-was-hacked-and-there-has-been-a-loss-of-funds-414b99969c29","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/pickle-finance-rekt","type":"other","url":""},{"credibility":3,"name":"https://docs.pickle.finance/security/audits-and-timelock/smart-contract-audits","type":"other","url":""},{"credibility":3,"name":"https://immunebytes.com/blog/pickle-finance-exploit-nov-21-2020-detailed-analysis/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://picklefinance.medium.com/pickle-was-hacked-and-there-has-been-a-loss-of-funds-414b99969c29","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/pickle-finance-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-defi-protocol-pickle-finance-hack-nov-2020","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.theblock.co/post/85585/defi-merger-yearn-pickle-finance","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/yearn-finance-absorbs-pickle-to-boost-defi-rewards","type":"other","url":""},{"credibility":3,"name":"https://x.com/picklefinance/status/1331287296637693954","type":"other","url":""},{"credibility":3,"name":"https://www.nasdaq.com/articles/defi-protocol-pickle-finance-token-loses-almost-half-its-value-after-$19.7m-hack-2020-11","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://picklefinance.medium.com/pickle-finance-closing-the-jar-7996fe4ecd94","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-defi-protocol-pickle-finance-hack-nov-2020","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/pickle-finance-rekt","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/49149/pickle-finance-hack","type":"other","url":""}]}],"sources_used":[],"summary":"Pickle Finance was a DeFi yield aggregator launched in September 2020 that allowed users to auto-compound returns via tokenized strategy vaults called 'Jars.' On November 21, 2020, an attacker exploited a combination of smart contract vulnerabilities in the unaudited ControllerV4 contract to drain 19,759,355 DAI (~$19.7 million) from the pDAI Jar in what analysts described as one of the most technically complex DeFi exploits of its era. The protocol subsequently partnered with Yearn Finance, issued a CORNICHON compensation token to victims, and continued operating until it announced a full shutdown effective October 1, 2025.","timeline":[{"date":"2020-09-11","event":"Pickle Finance launches on Ethereum at block 10838600 with a fair-launch PICKLE token distribution and no pre-mine.","source":""},{"date":"2020-09-15","event":"Protocol TVL surpasses $347 million within four days of launch, driven by DeFi Summer yield farming demand.","source":""},{"date":"2020-10-03","event":"MixBytes commences a smart contract audit covering ControllerV3 and existing Jar strategy contracts.","source":""},{"date":"2020-10-20","event":"HAECHI AUDIT completes its review of Pickle Finance smart contracts, covering ControllerV3 scope.","source":""},{"date":"2020-10-23","event":"ControllerV4 is deployed to mainnet with the new swapExactJarForJar() function, outside the scope of both completed audits.","source":""},{"date":"2020-11-21","event":"Attacker drains 19,759,355 DAI from the pDAI PickleJar using the 'Evil Jar' exploit, combining unvalidated jar swaps, code injection via CurveProxyLogic, and incorrect dust classification of cDAI. PICKLE token falls ~50%.","source":""},{"date":"2020-11-22","event":"Pickle Finance governance multi-sig granted emergency powers via Timelock at 3:15 PM UTC. CurveProxyLogic converter revoked from Controller one minute later, eliminating the attack vector.","source":""},{"date":"2020-11-24","event":"Yearn Finance and Pickle Finance announce a collaboration. CORNICHON compensation token introduced and distributed proportionally to hack victims based on pDAI Jar balance snapshot.","source":""},{"date":"2025-07-01","event":"Pickle Finance announces protocol shutdown, citing bear market conditions and saturated yield-aggregator market. 170,280 USDC treasury to be distributed to token holders.","source":""},{"date":"2025-10-01","event":"Pickle Finance UI disabled. Protocol fully sunsets after approximately five years of operation.","source":""}]},"v":1}