Verify a decision
Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.
How verification works
- We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (
payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction. - We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
- You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is
AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.
Decision
review · Penpie
- Sequence
- #2
- Score
- 28 → 28 (0)
- Cluster
- mainnet-beta
- Slot
- 424291265
- Off-chain at
- 2026-06-04T17:44:52.453Z
- Anchored at
- —
- Block time
- —
Independent verification
- 1. Database (off-chain)
- CihrFfsDefEgoqzTrwDtbq22Bzv54gpcbu3r6F5WTwqJ
- 2. Recomputed (your browser)
- computing…
- 3. On-chain (Solana memo)
- fetching…
Canonical bytes hashed (1106 chars)
{"actor":"reviewer","decided_at":"2026-06-04T17:44:52.372Z","decision":"review","investigation_id":"8388ccc1-df89-4f34-99e6-1bea24787247","new_score":28,"page_slug":"penpiexyz","prev_score":28,"reason":"The Penpie investigation page is substantially accurate and well-sourced on the core facts of the exploit, the technical mechanism, the law enforcement response, and the laundering timeline. The primary material weakness is the omission of WatchPug as one of the two early auditors — the page's audit section names only Zokyo and AstraSec, but contemporaneous reporting and official documentation identify Zokyo and WatchPug as the two auditors who both missed the vulnerability. Additionally, two cited URLs are dead (the Zokyo post-mortem blog and the CoinTelegraph Crypto-Sec article), and the compensation token is called 'SRT' in news coverage but 'PRT' in the governance documents, representing a minor terminological inconsistency across proposal drafts.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}