Skip to main content
Sign in
← avoid.net

Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.

Decision
publish · Clober Liquidity Vault
View on Solana ↗
Sequence
#1
Score
Cluster
mainnet-beta
Slot
423087959
Off-chain at
2026-05-30T04:56:40.577Z
Anchored at
Block time

Independent verification

1. Database (off-chain)
5g3eCKv3AabC3jpc3Bz5jNaPb7yXg8tGQkXTCQmYcG6m
2. Recomputed (your browser)
computing…
3. On-chain (Solana memo)
fetching…
Canonical bytes hashed (6889 chars)
{"actor":"system:backfill","investigation_id":"1a79704b-57a7-48c8-a46e-fc27bd4c6d12","kind":"publish","page_slug":"clober-liquidity-vault","published_at":"2026-05-30T04:56:40.499Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Clober Liquidity Vault","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/cloberdex-rekt","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/clober-liquidity-vault","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/clober-dex-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://x.com/CloberDEX/status/1863504665851433203","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.certik.com/resources/blog/clober-dex-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/cloberdex-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/cloberdex-reentrancy-exploit-501k","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/cloberdex-liquidity-vault-hack-analysis-f22eb960aa6f","type":"other","url":""},{"credibility":3,"name":"https://x.com/peckshieldalert/status/1866434326596112705","type":"other","url":""},{"credibility":3,"name":"https://x.com/peckshield/status/1866443215186088048","type":"other","url":""},{"credibility":3,"name":"https://basescan.org/address/0x012fc6377f1c5ccf6e29967bce52e3629aaa6025","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/cloberdex-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/clober-dex-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/single/clober-dex-hack","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/cloberdex-reentrancy-exploit-501k","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://x.com/peckshieldalert/status/1866434326596112705","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/clober-dex-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/cloberdex-rekt","type":"other","url":""},{"credibility":3,"name":"https://lunaray.medium.com/cloberdex-hack-analysis-04bc7cd3cbc4","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.certik.com/resources/blog/clober-dex-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/cloberdex-rekt","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/clober-liquidity-vault","type":"other","url":""},{"credibility":3,"name":"https://www.cryptopolitan.com/clober-vault-exploited-team-offers-bounty/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://x.com/peckshieldalert/status/1866434326596112705","type":"other","url":""},{"credibility":3,"name":"https://x.com/peckshield/status/1866443215186088048","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/clober-dex-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/cloberdex-reentrancy-exploit-501k","type":"other","url":""},{"credibility":3,"name":"https://blog.solidityscan.com/cloberdex-liquidity-vault-hack-analysis-f22eb960aa6f","type":"other","url":""},{"credibility":3,"name":"https://lunaray.medium.com/cloberdex-hack-analysis-04bc7cd3cbc4","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/single/clober-dex-hack","type":"other","url":""},{"credibility":3,"name":"https://www.nominis.io/insights/crypto-security-incidents-december-2024","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/cloberdex-rekt","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/clober-dex-incident-analysis","type":"other","url":""},{"credibility":3,"name":"https://www.cryptopolitan.com/clober-vault-exploited-team-offers-bounty/","type":"other","url":""},{"credibility":3,"name":"https://www.mitrade.com/insights/news/live-news/article-3-515047-20241211","type":"other","url":""}]}],"sources_used":[],"summary":"Clober is a fully on-chain order book DEX (Decentralized Exchange) for EVM networks, built on the proprietary LOBSTER algorithm, which launched on February 14, 2023. Its Liquidity Vault product, a hybrid order-book/AMM product launched on Coinbase's Base network in December 2024, was exploited for approximately 133.7 ETH (~$501,000) within days of launch due to a reentrancy vulnerability introduced in post-audit code changes. The attacker ultimately moved the stolen funds through Tornado Cash after on-chain bounty negotiations failed.","timeline":[{"date":"2023-02-14","event":"Clober V1 launches as the first fully on-chain order book DEX for EVM, introducing the LOBSTER algorithm.","source":""},{"date":"2024-11-30","event":"Clober announces the Clober Liquidity Vault (CLV) going live on Base network, combining order book precision with AMM simplicity using Chainlink DataStream price feeds.","source":""},{"date":"2024-12-10","event":"Clober Liquidity Vault on Base is exploited via a reentrancy attack on the Rebalancer contract's _burn() function. Attacker uses a 267.4 ETH Morpho Blue flash loan and a malicious strategy contract. Approximately 133.7 ETH (~$501,000) is drained. PeckShield issues the first public alert.","source":""},{"date":"2024-12-10","event":"Stolen 133.7 ETH is bridged from Base to Ethereum mainnet via Across Protocol and split across two attacker-controlled addresses: 0x711C87A0767101Fa6f3893FACb670B5689621e23 and 0x7760d838192f6E526721a0f6b160627baE989a3e.","source":""},{"date":"2024-12-11","event":"Clober team issues a public statement confirming the exploit, asserting Core protocol and Arbitrum are unaffected, and sends an on-chain message offering the attacker a 20% white-hat bounty (~$100,000) with no legal repercussions.","source":""},{"date":"2024-12-11","event":"CertiK, QuillAudits, SolidityScan, and Lunaray publish independent technical post-mortems. Security researcher Raz0r of Decurity identifies the vulnerable burnHook as a post-audit code addition.","source":""},{"date":"2024-12-31","event":"Clober team confirms bounty negotiations with the attacker have failed and that the stolen assets have been moved into Tornado Cash, effectively laundering the funds.","source":""}]},"v":1}