Verify a decision

{"actor":"system:backfill","investigation_id":"8e8cda68-7a31-4dd2-b75f-7189f98ab0e2","kind":"publish","page_slug":"sir","published_at":"2026-05-30T04:06:03.956Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"SIR (Synthetics Implemented Right)","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@xatarra/sir-pleased-to-meet-you-32b92f0e6fc7","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/defi-protocol-sir-trading-loses-entire-355-k-tvl-exploit","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/sirtrading-rekt","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://research.blockscope.co/sir-protocol-exploit/","type":"other","url":""},{"credibility":3,"name":"https://defihacklabs.substack.com/p/sir-exploit-355k-loss-vulnerability","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/synthetics-implemented-right-sir-hack-analysis-837d328c4c30","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/sirtrading-rekt","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/defi-protocol-sir-trading-loses-entire-355-k-tvl-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://github.com/Egis-Security/audits/blob/main/README.md","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/sirtrading-rekt","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/synthetics-implemented-right-sir-hack-analysis-837d328c4c30","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/sir-trading-offers-attacker-100k-bounty-after-losing-entire-tvl-to-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://crypto.news/sir-trading-offers-attacker-100k-bounty-after-losing-entire-tvl-to-exploit/","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/sir-trading-founder-begs-hacker-return-funds-or-wont-survive","type":"other","url":""},{"credibility":3,"name":"https://research.blockscope.co/sir-protocol-exploit/","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/sirtrading-rekt","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/sirtrading-rekt","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/sir-trading-offers-attacker-100k-bounty-after-losing-entire-tvl-to-exploit/","type":"other","url":""},{"credibility":3,"name":"https://dexscreener.com/ethereum/0xd213f59f057d32194592f22850f4f077405f9bc1","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://en.wikipedia.org/wiki/ZachXBT","type":"other","url":""},{"credibility":3,"name":"https://zachxbt.mirror.xyz/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://research.blockscope.co/sir-protocol-exploit/","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/sirtrading-rekt","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/synthetics-implemented-right-sir-hack-analysis-837d328c4c30","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/defi-protocol-sir-trading-loses-entire-355-k-tvl-exploit","type":"other","url":""}]}],"sources_used":[],"summary":"SIR (Synthetics Implemented Right), operating as SIR.trading, is an Ethereum-based DeFi protocol offering non-liquidating leveraged tokens and synthetic assets. On March 30, 2025, just 39 days after its February 20 mainnet launch, the protocol's Vault contract was completely drained of its entire $355,000 TVL through an exploit targeting a novel misuse of Ethereum's transient storage (EIP-1153) introduced in the Dencun upgrade. The attacker laundered proceeds through Railgun; the founder publicly pleaded for a partial return of funds; the protocol subsequently relaunched after completing four additional security audits.","timeline":[{"date":"2021-07-20","event":"Founder Xatarrer publishes introductory Medium post announcing SIR (Synthetics Implemented Right) and recruiting developers","source":""},{"date":"2025-01-01","event":"Egis Security completes pre-launch audit, identifying 3 high, 2 medium, and 2 low severity issues","source":""},{"date":"2025-01-30","event":"Attacker deploys dummy ERC-20 tokens and creates a Uniswap V3 pool with controlled liquidity in preparation for the exploit","source":""},{"date":"2025-02-20","event":"SIR.trading launches on Ethereum mainnet; TVL begins growing organically toward approximately $400,000","source":""},{"date":"2025-03-30","event":"Attacker exploits transient storage collision in Vault contract's uniswapV3SwapCallback function, draining entire $355,000 TVL; stolen funds laundered through Railgun within minutes; TenArmorAlert and Decurity detect and publicize the attack","source":""},{"date":"2025-03-31","event":"Founder Xatarrer posts on-chain plea to attacker, offering $100,000 (28% of stolen funds) as a bounty in exchange for return of the remainder, pledging no legal action","source":""},{"date":"2025-04-01","event":"SIR.trading contacts Railgun directly seeking assistance in tracing or recovering stolen funds; attacker does not respond to bounty offer","source":""},{"date":"2025-04-01","event":"Protocol team announces intent to rebuild; seeks auditors willing to work for token equity given depleted funds","source":""},{"date":"2025-09-01","event":"Protocol reports completion of four additional security audits and announces relaunch at app.sir.trading","source":""}]},"v":1}