Verify a decision
Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.
How verification works
- We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (
payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction. - We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
- You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is
AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.
Decision
publish · EraLend
- Sequence
- #1
- Score
- →
- Cluster
- mainnet-beta
- Slot
- 422748336
- Off-chain at
- 2026-05-28T15:33:53.293Z
- Anchored at
- —
- Block time
- —
Independent verification
- 1. Database (off-chain)
- 84xS76fDt98zX39tUv4fubfATHWXr91knWLBj7aYciik
- 2. Recomputed (your browser)
- computing…
- 3. On-chain (Solana memo)
- fetching…
Canonical bytes hashed (4330 chars)
{"actor":"system:backfill","investigation_id":"58dfd95d-061d-4889-8631-bdb547d06e1a","kind":"publish","page_slug":"eralend","published_at":"2026-05-28T15:33:53.207Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"EraLend","sections":[{"content":"","heading":"","severity":"critical","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-eralend-hack-july-2023","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/eralend-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/eralend-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2023/07/25/zksyncs-largest-lender-struck-by-34m-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"high","sources":[{"credibility":3,"name":"https://www.certik.com/resources/blog/eralend-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-eralend-hack-july-2023","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/eralend-rekt","type":"other","url":""}]},{"content":"","heading":"","severity":"high","sources":[{"credibility":3,"name":"https://rekt.news/eralend-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-eralend-hack-july-2023","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://eralend.medium.com/charting-the-path-forward-eralends-response-and-blueprint-following-the-security-incident-aa8ae4961b4c","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2023/08/08/eralend-separates-exploited-contract-relaunches/","type":"other","url":""},{"credibility":3,"name":"https://www.binance.com/en/square/post/868073","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/eralend","type":"other","url":""}]},{"content":"","heading":"","severity":"low","sources":[{"credibility":3,"name":"https://eralend.medium.com/nexon-finance-is-now-eralend-1aa9caeac537","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/eralend-crypto-lending-protocol-security-breach/","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/eralend-rekt","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/eralend","type":"other","url":""},{"credibility":3,"name":"https://dappradar.com/dapp/eralend","type":"other","url":""},{"credibility":3,"name":"https://eralend.medium.com/","type":"other","url":""}]}],"sources_used":[],"summary":"EraLend (formerly Nexon Finance) is a decentralized lending protocol on zkSync Era that suffered a $3.4 million read-only reentrancy exploit on July 25, 2023, draining its USDC pool due to a vulnerability in inherited SyncSwap oracle code. The protocol's pre-hack audit by PeckShield explicitly assumed a trusted price oracle, leaving the vulnerable oracle mechanism unexamined. EraLend relaunched post-hack with a fee-based compensation plan but has seen its TVL decline sharply to approximately $138,000 as of 2025-2026.","timeline":[{"date":"2023-02-09","event":"Nexon Finance public testnet launches on zkSync","source":""},{"date":"2023-03-01","event":"PeckShield audits Nexon Finance; audit assumes a trusted price oracle, leaving oracle mechanism unexamined","source":""},{"date":"2023-04-01","event":"Nexon Finance goes live on zkSync Era mainnet","source":""},{"date":"2023-05-20","event":"Nexon Finance rebrands to EraLend","source":""},{"date":"2023-07-25","event":"EraLend exploited via read-only reentrancy attack; approximately $3.4M stolen from USDC pool by attacker 0xf1D076c9Be4533086f967e14EE6aFf204D5ECE7a","source":""},{"date":"2023-07-26","event":"EraLend confirms attack, suspends borrowing, advises against USDC deposits; SlowMist engaged for asset tracing","source":""},{"date":"2023-08-08","event":"EraLend separates exploited contract into 'EraLend Classic' and relaunches new protocol without SyncSwap LP pool; 10% recovery reward offered","source":""},{"date":"2024-02-07","event":"EraLend announces partnership with Pyth Network — last known public communication","source":""}]},"v":1}