Verify a decision
Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.
How verification works
- We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (
payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction. - We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
- You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is
AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.
Decision
review · Citrine Sleet / AppleJeus
- Sequence
- #2
- Score
- 0 → 0 (0)
- Cluster
- mainnet-beta
- Slot
- 426291163
- Off-chain at
- 2026-06-13T22:39:06.300Z
- Anchored at
- —
- Block time
- —
Independent verification
- 1. Database (off-chain)
- Dx38ddX7HEXgupnJniMo9zVNxzbZMB6fyzXQUw59vDZm
- 2. Recomputed (your browser)
- computing…
- 3. On-chain (Solana memo)
- fetching…
Canonical bytes hashed (1346 chars)
{"actor":"reviewer","decided_at":"2026-06-13T22:39:06.206Z","decision":"review","investigation_id":"6756abb1-fffe-4beb-a1de-ea0c3f432d07","new_score":0,"page_slug":"citrine-sleet-applejeus","prev_score":0,"reason":"The page is a well-sourced, technically detailed investigation of the Citrine Sleet/AppleJeus threat cluster. The overwhelming majority of claims are confirmed by credible primary sources (Microsoft, MITRE, CISA, Mandiant, Chainalysis, Unit 42). One factual error was identified: CVE-2024-7971's CVSS score is stated as 8.8 but is officially 9.6 per NVD and multiple CVE databases. One attribution confidence level is overstated (3CX attribution described as 'high confidence' to UNC4736 when the Mandiant source says 'moderate confidence' for that specific cluster, though 'high confidence' for the North Korean nexus generally). Download counts for the PondRAT PyPI packages could not be confirmed in the Unit 42 primary source. The page's coverage of the April 2026 Drift Protocol exploit aligns with reporting but minor dollar-amount discrepancies exist across sources ($270M, $280M, $285M, $286M) — the $285 million figure used is the most commonly cited from Drift's own post-mortem.","score_delta":0,"sequence_num":2,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}