Verify a decision
Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.
How verification works
- We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (
payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction. - We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
- You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is
AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.
Decision
publish · Curio
- Sequence
- #1
- Score
- →
- Cluster
- mainnet-beta
- Slot
- 420839271
- Off-chain at
- 2026-05-19T20:13:17.709Z
- Anchored at
- —
- Block time
- —
Independent verification
- 1. Database (off-chain)
- 22Lmw4zX2oLzviCqBeQQSPidr256HEKvRxUkC59mZyC6
- 2. Recomputed (your browser)
- computing…
- 3. On-chain (Solana memo)
- fetching…
Canonical bytes hashed (5149 chars)
{"actor":"system:backfill","investigation_id":"fab6ead4-3fe8-4c91-acad-4791c1109db0","kind":"publish","page_slug":"curio","published_at":"2026-05-19T20:13:17.668Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Curio","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://investcurio.medium.com/curiodao-the-future-of-real-assets-2964c789078"},{"credibility":3,"name":"","type":"other","url":"https://www.venturelab.swiss/Meet-CurioInvest-CEO-Rey-Fernando-Verboonen-and-find-out-how-Wikipedia-helps-him-fall-asleep"},{"credibility":3,"name":"","type":"other","url":"https://www.crunchbase.com/person/fernando-verboonen"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-curio-hack-march-2024"},{"credibility":3,"name":"","type":"other","url":"https://rekt.news/curio-rekt"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/neptune-mutual/analysis-of-the-curio-exploit-1df31252fe66"},{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/curio-hit-by-16-million-exploit-due-to-voting-power-vulnerability/"},{"credibility":3,"name":"","type":"other","url":"https://www.cryptotimes.io/2024/03/26/curio-strikes-back-with-cgt-2-0-following-16-million-exploit/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://rekt.news/curio-rekt"},{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-curio-hack-march-2024"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.venturelab.swiss/Meet-CurioInvest-CEO-Rey-Fernando-Verboonen-and-find-out-how-Wikipedia-helps-him-fall-asleep"},{"credibility":3,"name":"","type":"other","url":"https://www.crunchbase.com/organization/curio-edc3"},{"credibility":3,"name":"","type":"other","url":"https://go.curioinvest.com/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://investcurio.medium.com/curiodaos-recovery-plan-1255427f35de"},{"credibility":3,"name":"","type":"other","url":"https://www.cryptotimes.io/2024/03/26/curio-strikes-back-with-cgt-2-0-following-16-million-exploit/"},{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/curio-hit-by-16-million-exploit-due-to-voting-power-vulnerability/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-curio-hack-march-2024"},{"credibility":3,"name":"","type":"other","url":"https://rekt.news/curio-rekt"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/neptune-mutual/analysis-of-the-curio-exploit-1df31252fe66"},{"credibility":3,"name":"","type":"other","url":"https://investcurio.medium.com/curiodaos-recovery-plan-1255427f35de"}]}],"sources_used":[],"summary":"Curio (CurioDAO) is a multi-chain real-world asset (RWA) DeFi protocol that suffered a critical smart contract exploit on March 23, 2024, resulting in approximately $16 million in losses after an attacker exploited a voting-power privilege escalation vulnerability to mint approximately 1 billion unauthorized CGT governance tokens. The protocol had no known third-party security audits prior to the exploit and relied on internal reviews. Curio announced a recovery plan including a new CGT 2.0 token and a phased compensation program, though independent verification of full compensation delivery remains limited.","timeline":[{"date":"2024-03-23","event":"Exploit executed on Curio's Ethereum governance contract. Attacker acquires minimal CGT tokens, escalates voting privileges via IDSChief/IDSPause contracts, and mints approximately 1 billion unauthorized CGT tokens. Estimated loss: $16 million.","source":""},{"date":"2024-03-23","event":"CurioDAO Association publicly announces the exploit and halts emergency operations.","source":""},{"date":"2024-03-25","event":"Curio publishes official post-mortem identifying a permission access logic vulnerability in the MakerDAO-derived governance smart contract as the root cause.","source":""},{"date":"2024-03-25","event":"Multiple independent security firms (Hacken, Cyvers, Neptune Mutual, Halborn) publish technical analyses of the exploit, corroborating the attack vector.","source":""},{"date":"2024-03-25","event":"Curio announces recovery plan: CGT 2.0 token launch within 2 weeks, four-stage 90-day LP compensation in USDC/USDT, 10% treasury airdrop, and white hat bounty of 10% of recovered funds.","source":""},{"date":"2024-03-26","event":"Curio announces CGT 2.0 token publicly, pledging 100% restoration for pre-exploit CGT holders across all affected networks.","source":""},{"date":"2025-03-23","event":"Projected completion date of the four-stage, one-year compensation program. Independent verification of full delivery is not available in public sources.","source":""}]},"v":1}