Verify a decision
Every moderation decision on AVOID.NET is anchored to the Solana blockchain. You don't have to trust us — you can verify cryptographically that we committed to a verdict at a specific moment and have not rewritten it.
How verification works
- We commit. When a moderator accepts/rejects a submission, we serialize the decision into deterministic UTF-8 bytes (
payload_canonical_string), hash it with SHA-256, encode the digest as base58, and write it to Solana inside an SPL Memo v2 transaction. - We store the bytes. The exact bytes we hashed are stored alongside the decision in our database. Anyone can read them and recompute the hash in any language.
- You compare three values. Database hash, your independently-recomputed hash, and the hash inside the on-chain memo. If all three match, the decision is authentic and timestamped.
The on-chain memo format is
AVOID.NET|v1|h:<b58-sha256>|d:<id>|t:<iso>Find a signature on any investigation page's decision log, or run python -m src.verify_decision --signature <sig> for a CLI check.
Decision
review_revise · Shai-Hulud / TeamPCP Supply Chain Attack
- Sequence
- #3
- Score
- 0 → 0 (-12)
- Cluster
- mainnet-beta
- Slot
- 426522805
- Off-chain at
- 2026-06-15T00:12:00.352Z
- Anchored at
- —
- Block time
- —
Independent verification
- 1. Database (off-chain)
- E8mWf23s6zxgKH1izbmsUCqFaPFvF4MwWUSAEGLsCSH1
- 2. Recomputed (your browser)
- computing…
- 3. On-chain (Solana memo)
- fetching…
Canonical bytes hashed (1416 chars)
{"actor":"judge","decided_at":"2026-06-15T00:12:00.198Z","decision":"review_revise","investigation_id":"e1075e99-3a81-4c83-a3ee-8104ee20a1dc","new_score":0,"page_slug":"shai-hulud-teampcp-supply-chain-attack","prev_score":0,"reason":"The review found 3 disputed claims out of 40 (12.5% disputed rate), placing this in the minor-revision band. Two of the disputes are material: claim_findings[8] shows the 'Original Shai-Hulud Worm (September 2025)' section incorrectly attributes the set_bun.js / bun_environment.js preinstall hook mechanism and SHA1HULUD runner to the original September 2025 wave — multiple Tier 1 and Tier 2 sources confirm these technical elements belong exclusively to the November 2025 Shai-Hulud 2.0 variant. claim_findings[9] similarly misattributes the 25,000 GitHub repository statistic to the original wave when multiple sources with explicit 'second wave' framing assign it to 2.0. Additionally, claim_findings[3] and [18] present the $8.5M loss figure as definitive while the page's own cited CoinDesk source (Tier 1) reports $7M, creating an unresolved internal contradiction. The page is otherwise broadly well-sourced with strong corroboration from Tier 1 sources across the majority of claims, and no link rot or staleness was identified.","score_delta":-12,"sequence_num":3,"submission_content_hash":null,"submission_id":null,"submission_kind":null,"submission_valence":null,"v":1}