Skip to main content
Sign in
← avoid.net

Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.

Decision
publish · Paraluni Masterchef
View on Solana ↗
Sequence
#1
Score
Cluster
mainnet-beta
Slot
422751069
Off-chain at
2026-05-28T15:51:51.714Z
Anchored at
Block time

Independent verification

1. Database (off-chain)
DBnnCHsB6LAX3E9MEPuLzDw7TDKChS5ofwDDAVjqWw9y
2. Recomputed (your browser)
computing…
3. On-chain (Solana memo)
fetching…
Canonical bytes hashed (7655 chars)
{"actor":"system:backfill","investigation_id":"e8582ce5-3559-4b14-a2e5-ff98dd7f8e65","kind":"publish","page_slug":"paraluni-masterchef","published_at":"2026-05-28T15:51:51.621Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Paraluni Masterchef","sections":[{"content":"","heading":"","severity":"low","sources":[{"credibility":2,"name":"Explained: The Paraluni Hack (March 2022) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-paraluni-hack-march-2022"},{"credibility":2,"name":"Paraluni Incident Analysis — SlowMist / Medium","type":"research","url":"https://slowmist.medium.com/paraluni-incident-analysis-58be442a4f99"}]},{"content":"","heading":"","severity":"critical","sources":[{"credibility":2,"name":"Paraluni Exploit — CertiK Blog","type":"research","url":"https://www.certik.com/resources/blog/4mPLWLwyKG4xy30x65uLgw-paraluni-exploit"},{"credibility":2,"name":"Paraluni Incident Analysis — SlowMist / Medium","type":"research","url":"https://slowmist.medium.com/paraluni-incident-analysis-58be442a4f99"},{"credibility":2,"name":"Explained: The Paraluni Hack (March 2022) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-paraluni-hack-march-2022"},{"credibility":2,"name":"Hackers exploited reentrancy vulnerability to attack Paraluni — Lunaray / Coinmonks / Medium","type":"research","url":"https://medium.com/coinmonks/hackers-exploited-reentrancy-vulnerability-to-attack-paraluni-and-made-more-than-1-7-b748843c6487"},{"credibility":1,"name":"Attack transaction — BscScan","type":"on_chain","url":"https://bscscan.com/tx/0x70f367b9420ac2654a5223cc311c7f9c361736a39fd4e7dff9ed1b85bab7ad54"},{"credibility":1,"name":"Attacker address — BscScan","type":"on_chain","url":"https://bscscan.com/address/0x94bc1d555e63eea23fe7fdbf937ef3f9ac5fcf8f"}]},{"content":"","heading":"","severity":"critical","sources":[{"credibility":2,"name":"Paraluni Incident Analysis — SlowMist / Medium","type":"research","url":"https://slowmist.medium.com/paraluni-incident-analysis-58be442a4f99"},{"credibility":2,"name":"Paraluni Exploit — CertiK Blog","type":"research","url":"https://www.certik.com/resources/blog/4mPLWLwyKG4xy30x65uLgw-paraluni-exploit"},{"credibility":2,"name":"PeckShield alert tweet — March 13, 2022","type":"social_media","url":"https://twitter.com/peckshield/status/1502817503877074947"}]},{"content":"","heading":"","severity":"high","sources":[{"credibility":2,"name":"Explained: The Paraluni Hack (March 2022) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-paraluni-hack-march-2022"},{"credibility":2,"name":"Metaverse Project Paraluni Hacked: Reportedly $1.7M Lost — CoinCodeCap","type":"news_article","url":"https://coincodecap.com/paraluni-hacked-reportedly-1-7m-lost"}]},{"content":"","heading":"","severity":"high","sources":[{"credibility":2,"name":"Paraluni Exploit — CertiK Blog","type":"research","url":"https://www.certik.com/resources/blog/4mPLWLwyKG4xy30x65uLgw-paraluni-exploit"},{"credibility":2,"name":"Explained: The Paraluni Hack (March 2022) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-paraluni-hack-march-2022"},{"credibility":2,"name":"Paraluni Incident Analysis — SlowMist / Medium","type":"research","url":"https://slowmist.medium.com/paraluni-incident-analysis-58be442a4f99"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"crypto-rekts PARALUNI entry — GitHub","type":"community_report","url":"https://github.com/liqtags/crypto-rekts/blob/main/rekts/PARALUNI.md"},{"credibility":2,"name":"List of Crypto Hacks in the Month of March — ImmuneBytes","type":"research","url":"https://immunebytes.com/blog/list-of-crypto-hacks-in-the-month-of-march/"}]}],"sources_used":[{"credibility":2,"name":"Paraluni Exploit — CertiK Blog","type":"research","url":"https://www.certik.com/resources/blog/4mPLWLwyKG4xy30x65uLgw-paraluni-exploit"},{"credibility":2,"name":"Paraluni Incident Analysis — SlowMist / Medium","type":"research","url":"https://slowmist.medium.com/paraluni-incident-analysis-58be442a4f99"},{"credibility":2,"name":"Explained: The Paraluni Hack (March 2022) — Halborn","type":"research","url":"https://www.halborn.com/blog/post/explained-the-paraluni-hack-march-2022"},{"credibility":2,"name":"Hackers exploited reentrancy vulnerability to attack Paraluni — Lunaray / Coinmonks / Medium","type":"research","url":"https://medium.com/coinmonks/hackers-exploited-reentrancy-vulnerability-to-attack-paraluni-and-made-more-than-1-7-b748843c6487"},{"credibility":2,"name":"Metaverse Project Paraluni Hacked: Reportedly $1.7M Lost — CoinCodeCap","type":"news_article","url":"https://coincodecap.com/paraluni-hacked-reportedly-1-7m-lost"},{"credibility":2,"name":"Metaverse Project Paraluni Was Hacked and Lost about $1.7M — Footprint Network","type":"news_article","url":"https://www.footprint.network/daily-news/Metaverse-Project-Paraluni-Was-Hacked-and-Lost-about-$1.7M,-According-to-PeckShield-fp-622d56b4-ee0a1400-17913de9"},{"credibility":1,"name":"Attack transaction — BscScan","type":"on_chain","url":"https://bscscan.com/tx/0x70f367b9420ac2654a5223cc311c7f9c361736a39fd4e7dff9ed1b85bab7ad54"},{"credibility":1,"name":"Attacker address — BscScan","type":"on_chain","url":"https://bscscan.com/address/0x94bc1d555e63eea23fe7fdbf937ef3f9ac5fcf8f"},{"credibility":2,"name":"PeckShield alert tweet — March 13, 2022","type":"social_media","url":"https://twitter.com/peckshield/status/1502817503877074947"},{"credibility":2,"name":"List of Crypto Hacks in the Month of March — ImmuneBytes","type":"research","url":"https://immunebytes.com/blog/list-of-crypto-hacks-in-the-month-of-march/"},{"credibility":3,"name":"crypto-rekts PARALUNI entry — GitHub","type":"community_report","url":"https://github.com/liqtags/crypto-rekts/blob/main/rekts/PARALUNI.md"}],"summary":"Paraluni is a metaverse DeFi yield-farming protocol deployed on Binance Smart Chain (BSC). On March 13, 2022, its MasterChef smart contract was exploited via a reentrancy vulnerability in the depositByAddLiquidity function, resulting in approximately $1.7 million in losses. The attacker laundered the proceeds through Tornado Cash and never returned funds despite a public appeal from the Paraluni team.","timeline":[{"date":"2022-03-13","event":"Paraluni MasterChef contract exploited via reentrancy attack. Approximately $1.7 million stolen using PancakeSwap flash loans and malicious ERC-20 tokens (UBT/UGT). Attack transaction: 0x70f367b9420ac2654a5223cc311c7f9c361736a39fd4e7dff9ed1b85bab7ad54.","source":"CertiK, SlowMist, Halborn","source_url":"https://www.certik.com/resources/blog/4mPLWLwyKG4xy30x65uLgw-paraluni-exploit"},{"date":"2022-03-13","event":"PeckShield publicly identifies the exploit and attacker address (0x94bc1d555e63eea23fe7fdbf937ef3f9ac5fcf8f) via Twitter alert.","source":"PeckShield Twitter","source_url":"https://twitter.com/peckshield/status/1502817503877074947"},{"date":"2022-03-13","event":"Attacker converts stolen USDT/BUSD to BNB, cross-chains approximately 235 ETH to Ethereum via cBridge, then deposits 660 ETH into Tornado Cash across 12 transactions.","source":"SlowMist Incident Analysis","source_url":"https://slowmist.medium.com/paraluni-incident-analysis-58be442a4f99"},{"date":"2022-03-14","event":"Paraluni team publicly offers to treat the exploit as a white-hat disclosure and proposes a reward in exchange for return of funds. Attacker does not respond.","source":"Halborn / CoinCodeCap","source_url":"https://www.halborn.com/blog/post/explained-the-paraluni-hack-march-2022"}]},"v":1}