Skip to main content
Sign in
← avoid.net

Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.

Decision
publish · BlueBerry Protocol
View on Solana ↗
Sequence
#1
Score
Cluster
mainnet-beta
Slot
422554258
Off-chain at
2026-05-27T18:12:36.542Z
Anchored at
Block time

Independent verification

1. Database (off-chain)
BUjW39rQBv4RkQSb14TGeDFu9J678ZVVz4FZ3UeD4eW7
2. Recomputed (your browser)
computing…
3. On-chain (Solana memo)
fetching…
Canonical bytes hashed (8235 chars)
{"actor":"system:backfill","investigation_id":"3158155c-6640-4d25-b0b1-46733799554e","kind":"publish","page_slug":"blueberry","published_at":"2026-05-27T18:12:36.486Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"BlueBerry Protocol","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@blueberryprotocol/2-22-24-exploit-post-mortem-6f6be7c1dcc3","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/defi-protocol-blueberry-pauses-after-exploit","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/white-hat-saves-million-defi-exploit/","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/single/blueberry-protocol-narrowly-avoids-1-3-million-hack","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/news/blueberry-defi-protocol-suspends-lending-services-after-1-3m-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@blueberryprotocol/2-22-24-exploit-post-mortem-6f6be7c1dcc3","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/single/blueberry-protocol-narrowly-avoids-1-3-million-hack","type":"other","url":""},{"credibility":3,"name":"https://bsc.news/post/defi-platform-blueberry-halts-operations-following-exploitation-attempt-what-happened","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://beincrypto.com/white-hat-saves-million-defi-exploit/","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@blueberryprotocol/2-22-24-exploit-post-mortem-6f6be7c1dcc3","type":"other","url":""},{"credibility":3,"name":"https://www.theblock.co/post/242136/mev-bot-runner-c0ffeebabe-eth-returns-5-4-million-amid-curve-exploit","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/news/blueberry-defi-protocol-suspends-lending-services-after-1-3m-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://github.com/sherlock-audit/2023-02-blueberry-judging","type":"other","url":""},{"credibility":3,"name":"https://github.com/sherlock-audit/2023-07-blueberry-judging","type":"other","url":""},{"credibility":3,"name":"https://hacken.io/audits/blueberry-protocol/","type":"other","url":""},{"credibility":3,"name":"https://hackmd.io/@brainbot-services/recap_blueberry","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@blueberryprotocol/re-launch-security-update-49442502ec67","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@blueberryprotocol/2-22-24-exploit-post-mortem-6f6be7c1dcc3","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@blueberryprotocol/blueberry-tokenomics-and-token-generation-event-lockdrop-airdrop-1ac267d30092","type":"other","url":""},{"credibility":3,"name":"https://cryptorank.io/ico/blueberry-protocol","type":"other","url":""},{"credibility":3,"name":"https://www.binance.com/en/square/post/2024-02-24-blueberry-protocol-to-compensate-users-after-vulnerability-attack-4536854784242","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://medium.com/@blueberryprotocol/team-behind-blueberry-raises-1-2m-to-enable-capital-efficient-borrowing-on-ethereum-f1aef0a25023","type":"other","url":""},{"credibility":3,"name":"https://www.finsmes.com/2024/06/blueberry-protocol-raises-2-5m-series-a-funding.html","type":"other","url":""},{"credibility":3,"name":"https://www.crunchbase.com/organization/blueberry-protocol","type":"other","url":""},{"credibility":3,"name":"https://www.linkedin.com/in/bailey-spraggins/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.web3isgoinggreat.com/single/blueberry-protocol-narrowly-avoids-1-3-million-hack","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/defi-protocol-blueberry-pauses-after-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://defillama.com/protocol/blueberry","type":"other","url":""},{"credibility":3,"name":"https://v1.docs.blueberry.garden/","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@blueberryprotocol/re-launch-security-update-49442502ec67","type":"other","url":""},{"credibility":3,"name":"https://medium.com/@blueberryprotocol/blueberrys-security-first-approach-to-generalized-leverage-765c42dcd748","type":"other","url":""}]}],"sources_used":[],"summary":"Blueberry Protocol is an Ethereum-based decentralized leveraged yield farming and prime brokerage protocol developed by Composable Corp. In February 2024, the protocol suffered a significant exploit caused by an oracle misconfiguration that allowed a flash loan attacker to drain approximately 457.7 ETH (~$1.35M) from three lending markets; most funds were rescued by white hat MEV operator c0ffeebabe.eth but ~91 ETH (~$265,000) was permanently lost to validator payments. Despite completing multiple Sherlock and Hacken audits and raising $2.5M in a June 2024 Series A, the protocol's security track record and history of audit findings raise material concerns for prospective users.","timeline":[{"date":"2023-02-01","event":"Sherlock audit contest #1 (2023-02-blueberry) identifies high-severity issues including ineffective deadline checks and oracle staleness vulnerabilities.","source":""},{"date":"2023-04-01","event":"Sherlock audit contest #2 (2023-04-blueberry) identifies sandwich attack risks in IchiVaultSpell and ConvexSpell withdrawals.","source":""},{"date":"2023-05-01","event":"Sherlock audit contest #3 (2023-05-blueberry) conducted.","source":""},{"date":"2023-07-01","event":"Sherlock audit contest #4 (2023-07-blueberry) conducted.","source":""},{"date":"2024-01-29","event":"BLB token lockdrop campaign begins on Ethereum mainnet, offering 5% of total BLB supply to early lenders over a 56-day period.","source":""},{"date":"2024-02-22","event":"At 08:36 UTC, borrowing functionality in the new money market is activated prematurely — before the intended Monday launch of borrowing strategies. The money market is using CoreOracle, an incorrect oracle that prices assets with fewer than 18 decimals severely below market value.","source":""},{"date":"2024-02-23","event":"At 02:22 UTC, an attacker executes a flash loan attack using 1 WETH from Balancer, exploiting the oracle misconfiguration to drain 8,616 OHM, 913,263 USDC, and 6.87 WBTC across three lending markets, totaling 457.684 ETH (~$1.35M). c0ffeebabe.eth front-runs the attacker and routes 366.6 ETH to the Blueberry multisig. ~91 ETH is permanently lost to validator payments.","source":""},{"date":"2024-02-23","event":"Blueberry Protocol Foundation announces exploit on X (formerly Twitter), pauses all lending operations, and advises users to withdraw from lending markets.","source":""},{"date":"2024-02-24","event":"Blueberry Foundation publishes initial recovery statement committing to 100% repayment of affected lenders. Community TGE allocation increased from 5% to 10% of total supply as additional compensation for affected users.","source":""},{"date":"2024-02-25","event":"Post-mortem published confirming oracle misconfiguration as root cause. Composable Corp pays 10% bounty on recovered funds to c0ffeebabe.eth and collaborators.","source":""},{"date":"2024-03-01","event":"Post-exploit audits commissioned from Spearbit, 0x52, and Cuthalion0x. Results find no additional high-severity vulnerabilities threatening user funds beyond the oracle fix.","source":""},{"date":"2024-06-04","event":"Blueberry Protocol raises $2.5M Series A funding led by White Star Capital, with participation from Varys Capital, SNZ Capital, Alchemix DAO, and others.","source":""},{"date":"2024-06-05","event":"BLB token IDO opens, running through June 10, 2024, raising approximately $190,000 at $0.0194 per BLB.","source":""}]},"v":1}