Skip to main content
Sign in
← avoid.net

Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.

Decision
publish · Dexodus Finance
View on Solana ↗
Sequence
#1
Score
Cluster
mainnet-beta
Slot
422984223
Off-chain at
2026-05-29T17:31:32.557Z
Anchored at
Block time

Independent verification

1. Database (off-chain)
2Y5KvTswX9XjFi98Z49ahLYF8RkC165SP1SzrmcTowm2
2. Recomputed (your browser)
computing…
3. On-chain (Solana memo)
fetching…
Canonical bytes hashed (7190 chars)
{"actor":"system:backfill","investigation_id":"303d6dc0-64f2-4fd3-b0f2-6049f92eef1b","kind":"publish","page_slug":"dexodus-finance","published_at":"2026-05-29T17:31:32.500Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Dexodus Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.dexodus.finance/","type":"other","url":""},{"credibility":3,"name":"https://docs.dexodus.finance/","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/dexodus-finance","type":"other","url":""},{"credibility":3,"name":"https://www.rootdata.com/Projects/detail/Dexodus?k=MTIzMDY%3D","type":"other","url":""},{"credibility":3,"name":"https://tracxn.com/d/companies/dexodus/__zdky1RGiu4H__hbUCIbACv0IrffrxdueStGtghorcU0","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/dexodus-finance-exploit","type":"other","url":""},{"credibility":3,"name":"https://quillaudits.medium.com/dexodus-lost-300k-in-a-signature-replay-attack-heres-the-breakdown-46b7165970e2","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/dexodus-finance-hack-analysis-d699135f575c","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@zhenyazhdarkin/dexodus-finance-exploit-how-a-stale-chainlink-report-enabled-a-291k-price-manipulation-attack-39dcee1efff0","type":"other","url":""},{"credibility":3,"name":"https://olympix.security/blog/how-dexodus-got-rekt-by-reused-signatures-and-how-olympix-wouldve-prevented-it","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/hacks","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://olympix.security/blog/how-dexodus-got-rekt-by-reused-signatures-and-how-olympix-wouldve-prevented-it","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/dexodus-finance-exploit","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/dexodus-finance-hack-analysis-d699135f575c","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/audits/dexodus/dexodusv2","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/audits/dexodus","type":"other","url":""},{"credibility":3,"name":"https://olympixai.medium.com/dexodus-zora-numa-946k-lost-to-replays-access-bugs-and-locked-in-prices-40c37b78391c","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://coinpedia.org/information/dexodus-demonstrates-what-defi-recovery-should-look-like/","type":"other","url":""},{"credibility":3,"name":"https://www.ainvest.com/news/dexodus-recover-100-funds-crisis-launches-gen-system-2506/","type":"other","url":""},{"credibility":3,"name":"https://cryptodaily.co.uk/2025/06/the-defi-protocol-that-just-pulled-off-the-impossible","type":"other","url":""},{"credibility":3,"name":"https://bitcoinethereumnews.com/tech/dexodus-demonstrates-what-defi-recovery-should-look-like/","type":"other","url":""},{"credibility":3,"name":"https://x.com/IncentiveFi/status/1927357040030032365","type":"other","url":""},{"credibility":3,"name":"https://quillaudits.medium.com/dexodus-lost-300k-in-a-signature-replay-attack-heres-the-breakdown-46b7165970e2","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/audits/dexodus/dexodusv2","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/audits/dexodus","type":"other","url":""},{"credibility":3,"name":"https://docs.dexodus.finance/security-audits","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/dexodus-finance-hack-analysis-d699135f575c","type":"other","url":""},{"credibility":3,"name":"https://olympix.security/blog/how-dexodus-got-rekt-by-reused-signatures-and-how-olympix-wouldve-prevented-it","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://x.com/IncentiveFi/status/1927357040030032365","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/dexodus-finance-exploit","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/dexodus-finance-hack-analysis-d699135f575c","type":"other","url":""},{"credibility":3,"name":"https://olympixai.medium.com/dexodus-zora-numa-946k-lost-to-replays-access-bugs-and-locked-in-prices-40c37b78391c","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/dexodus-finance","type":"other","url":""},{"credibility":3,"name":"https://defx.com/en/protocol/dexodus-finance.html","type":"other","url":""},{"credibility":3,"name":"https://web3.bitget.com/en/dapp/dexodus-28569","type":"other","url":""},{"credibility":3,"name":"https://pump.fun/coin/9eEcioewNN6hcvRsYAT5UPko4R4gfLgz9XQhGRPqpump","type":"other","url":""},{"credibility":3,"name":"https://www.rootdata.com/Projects/detail/Dexodus?k=MTIzMDY%3D","type":"other","url":""}]}],"sources_used":[],"summary":"Dexodus Finance is an oracle-based perpetual derivatives DEX operating on Coinbase's Base L2 network, founded in 2023 and headquartered in Barcelona, Spain. On May 26, 2025, the protocol suffered a signature replay attack that drained approximately $291,000–$300,000 from its liquidity pool due to the absence of nonce tracking and timestamp validation in its Chainlink oracle price-report verification logic. The team claims to have achieved 100% fund recovery within 24 hours, deprecated Perps V1, and launched a redesigned Perps V2 system; however, the protocol's current TVL remains modest at approximately $1.28M and independent verification of the full recovery narrative is limited.","timeline":[{"date":"2023-01-01","event":"Dexodus Finance founded in Barcelona, Spain by Miguel Jalon, Omar Alshaeb Foz, and Alvaro Luque Vargas.","source":""},{"date":"2025-05-26","event":"Signature replay exploit on Perps V1 drains approximately $291,000–$300,000 from the liquidity pool; attack transaction hash 0x6ffb494293fc5c32c5a6ab7dc3fff1fcc6e90fba9a6d6e486ba0a15ce518147e confirmed on-chain.","source":""},{"date":"2025-05-27","event":"Team claims 100% recovery of affected liquidity pool funds; 107 ETH reported transferred to team-controlled multisig; 6.2 ETH transferred to Binance in alleged bounty settlement. Exploit vector patched.","source":""},{"date":"2025-05-27","event":"Perps V1 deprecated; trader collateral transferred directly to user accounts. Perps V2 system launched. Halborn, SEAL 911, Chainlink Security, and Binance reported to be tracing attacker wallet.","source":""},{"date":"2025-06-01","event":"Multiple post-mortem analyses published by QuillAudits, SolidityScan, and Olympix confirming signature replay root cause.","source":""},{"date":"2025-06-25","event":"Token Generation Event conducted; 16% of total token supply allocated to community participants.","source":""}]},"v":1}