Skip to main content
Sign in
← avoid.net

Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.

Decision
publish · Compounder Finance
View on Solana ↗
Sequence
#1
Score
Cluster
mainnet-beta
Slot
422113828
Off-chain at
2026-05-25T17:34:24.102Z
Anchored at
Block time

Independent verification

1. Database (off-chain)
FP9jCKcrv7dJ7C81eedJR9cELr4src1QcwtuZh8EG6zc
2. Recomputed (your browser)
computing…
3. On-chain (Solana memo)
fetching…
Canonical bytes hashed (6148 chars)
{"actor":"system:backfill","investigation_id":"312d7168-4587-4013-b950-2b2717d3aa4a","kind":"publish","page_slug":"compounder-finance","published_at":"2026-05-25T17:34:24.060Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Compounder Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2020/12/02/108m-stolen-developers-implicated-in-alleged-smart-contract-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://coingeek.com/compounder-dev-team-steals-over-10-million-in-latest-defi-attack/","type":"other","url":""},{"credibility":3,"name":"https://etherscan.io/token/0x7ef1081ecc8b5b5b130656a41d4ce4f89dbbcc8c","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2020/12/02/108m-stolen-developers-implicated-in-alleged-smart-contract-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/50196/defi-auditor-death-threats-12-million-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://cryptoslate.com/this-defi-app-based-on-ethereum-just-stole-12-million-from-its-users/","type":"other","url":""},{"credibility":3,"name":"https://coingeek.com/compounder-dev-team-steals-over-10-million-in-latest-defi-attack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2020/12/02/108m-stolen-developers-implicated-in-alleged-smart-contract-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/50196/defi-auditor-death-threats-12-million-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/compounderfinancerugpull.php","type":"other","url":""},{"credibility":3,"name":"https://coingeek.com/compounder-dev-team-steals-over-10-million-in-latest-defi-attack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/50196/defi-auditor-death-threats-12-million-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2020/12/02/108m-stolen-developers-implicated-in-alleged-smart-contract-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://coingeek.com/compounder-dev-team-steals-over-10-million-in-latest-defi-attack/","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/compounderfinancerugpull.php","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/compounderfinancerugpull.php","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2020/12/02/108m-stolen-developers-implicated-in-alleged-smart-contract-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://chainbulletin.com/compounder-finance-developers-allegedly-involved-in-10-8-million-rug-pull-scheme","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2020/12/02/108m-stolen-developers-implicated-in-alleged-smart-contract-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://cryptoslate.com/this-defi-app-based-on-ethereum-just-stole-12-million-from-its-users/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://decrypt.co/50196/defi-auditor-death-threats-12-million-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/tech/2020/12/02/108m-stolen-developers-implicated-in-alleged-smart-contract-rug-pull","type":"other","url":""},{"credibility":3,"name":"https://www.quadrigainitiative.com/casestudy/compounderfinancerugpull.php","type":"other","url":""}]}],"sources_used":[],"summary":"Compounder Finance was an Ethereum-based DeFi yield aggregator that launched in November 2020 and executed a deliberate rug pull approximately 22 days later, stealing between $10.8 million and $12.5 million from investors. Anonymous developers embedded hidden 'Evil Strategy' smart contracts behind a publicly visible but unmonitored 24-hour timelock, then drained all user funds and deleted the project's website and social media accounts. No funds were recovered and the perpetrators have never been publicly identified.","timeline":[{"date":"2020-11-08","event":"Compounder Finance smart contract deployed on Ethereum (CP3R token contract: 0x7ef1081ecc8b5b5b130656a41d4ce4f89dbbcc8c).","source":""},{"date":"2020-11-19","event":"Solidity Finance releases audit report, flagging centralized developer control over strategy pools via a 24-hour timelock but concluding the protocol is safe from external attacks.","source":""},{"date":"2020-11-19","event":"In the weeks following the audit, developers begin deploying malicious 'Evil Strategy' contracts through the publicly visible but unmonitored timelock.","source":""},{"date":"2020-12-01","event":"Developers execute the rug pull, calling inCaseStrategyTokenGetStuck() across seven malicious strategy contracts and draining all user funds. Website, Twitter, Medium, and Discord are deleted.","source":""},{"date":"2020-12-02","event":"CoinDesk reports $10.8 million stolen; Compound Finance founder Robert Leshner publicly condemns the scheme and confirms no affiliation.","source":""},{"date":"2020-12-02","event":"CP3R token collapses approximately 98.8% in 24 hours, trading at $0.24.","source":""},{"date":"2020-12-03","event":"Decrypt reports Solidity Finance received death threats within 36 hours of the rug pull. DeFiYield.info — which claims $1 million in losses — announces a $50,000 bounty for information leading to fund recovery and organizes a Telegram victim group.","source":""},{"date":"2020-12-03","event":"Solidity Finance publicly acknowledges it should have been clearer about the implications of developer-controlled admin keys and commits to more robust future disclosures.","source":""}]},"v":1}