Skip to main content
Sign in
← avoid.net

Verify a decision

Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.

How verification works

  1. We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction.
  2. We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
  3. You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>

Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.

Decision
review · Trust Wallet
View on Solana ↗
Sequence
#2
Score
3232 (0)
Cluster
mainnet-beta
Slot
426514436
Off-chain at
2026-06-14T23:15:56.506Z
Anchored at
Block time

Independent verification

1. Database (off-chain)
2eK2drxTgarTZ5JKdztYXnbESAwDss8Hy1pXBGrXuanu
2. Recomputed (your browser)
computing…
3. On-chain (Solana memo)
fetching…
Canonical bytes hashed (2156 chars)
{"actor":"reviewer","decided_at":"2026-06-14T23:15:56.444Z","decision":"review","investigation_id":"4ba72731-5f73-484b-b3c5-af8a83bd4f3e","new_score":32,"page_slug":"trust-wallet","prev_score":32,"reason":"Blue-chip calibration review (Prompt A). Verdict: over-penalized. Page content is treated as accurate; the trust_score band is miscalibrated. Trust Wallet is a legitimate, large-scale non-custodial cryptocurrency wallet (220M+ users) that has suffered multiple distinct security incidents between 2022 and 2025 — none of which constitute fraud, a Ponzi scheme, or intentional misappropriation of user funds. The incidents are: (1) a Mersenne Twister PRNG flaw in the browser extension WASM component (CVE-2023-31290, November 2022, ~$170K losses, patched within days, reimbursements committed); (2) a low-entropy iOS key-generation flaw from 2018 using unsafe trezor-crypto functions (CVE-2024-23660, CVSS 7.5 HIGH, exploited July 2023, >1,360 ETH stolen from 2,100+ victims); and (3) a December 2025 supply chain attack in which a malicious extension v2.68 was published via a stolen Chrome Web Store API key (Shai-Hulud campaign), draining ~$7M–$8.5M from 2,520 wallets, with Trust Wallet committing to full voluntary reimbursement. Under AVOID.NET's post-policy band semantics, a score of 32 (WARNING) is reserved for entities with elevated fraud/loss risk or unresolved severe incidents. Trust Wallet's incidents are resolved or actively remediated security vulnerabilities suffered by the entity, placing it firmly in the CAUTIONARY band (50–69). A score of 55 reflects the genuine severity and multiplicity of the security record while recognising that Trust Wallet is a legitimate operator that has not defrauded users and has committed to reimbursements. An outside skeptic can verify: NVD entries for CVE-2023-31290 and CVE-2024-23660, the SECBIT research blog post (Jan 2024), the Ledger Donjon disclosure, Trust Wallet's official v2.68 incident post, and Trust Wallet's X reimbursement commitment.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}