Verify a decision
Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.
How verification works
- We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (
payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction. - We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
- You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is
AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.
Decision
review · Yearn Finance DAI Vault Exploit
- Sequence
- #4
- Score
- 44 → 44 (0)
- Cluster
- mainnet-beta
- Slot
- 426514575
- Off-chain at
- 2026-06-14T23:16:03.179Z
- Anchored at
- —
- Block time
- —
Independent verification
- 1. Database (off-chain)
- 2PAubRjwAKiw2MLe1a5UzRvT7b3AHo2CGEwAJLc13WRt
- 2. Recomputed (your browser)
- computing…
- 3. On-chain (Solana memo)
- fetching…
Canonical bytes hashed (1889 chars)
{"actor":"reviewer","decided_at":"2026-06-14T23:16:03.116Z","decision":"review","investigation_id":"47882469-b5ed-42df-800b-ba3d06f5fe18","new_score":44,"page_slug":"yearn-dai-vault","prev_score":44,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. This page documents a specific exploit event — the February 4, 2021 Yearn Finance v1 yDAI vault hack — rather than fraudulent conduct by Yearn Finance itself. All material claims on the page are independently confirmed: $11M depositor loss, ~$2.8M attacker profit, flash loan mechanics via dYdX/Aave v2/Compound, 11-minute response by Yearn's security team, three root-cause configuration factors (1% slippage, 0% withdrawal fee, unrestricted earn()), reimbursement via 9.7M DAI minted against YFI collateral in a MakerDAO CDP, and Nexus Mutual paying out $2.317M to 15 approved claimants. The incident was resolved: depositors were made whole, post-exploit security improvements were implemented, and Yearn Finance continues to operate as a legitimate DeFi protocol in 2026 with V3 vaults and substantial TVL. Under AVOID.NET's band semantics, WARNING (20–49) is reserved for 'elevated fraud/loss risk or unresolved severe incident.' The incident here is resolved, the entity is not fraudulent, and the attribution is squarely to an external attacker. A CAUTIONARY band (50–69, 'legitimate with material caveats') is appropriate: the v1 configuration weaknesses represent genuine historical negligence, and the incident scale ($11M) warrants noting, but the full reimbursement and continued legitimacy of the protocol preclude WARNING. A score of 62 reflects material-but-resolved caveat status.","score_delta":0,"sequence_num":4,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}