Lucifiel Security Research

Solana 链上交易证据Solana On-Chain Transaction Evidence

以下 11 笔交易用于验证 Donut Browser「后端自动签名、用户无确认」的交易执行链路真实存在。全部在 Solana 主网执行,均使用研究者自有钱包 / 自有资金,可在 Solscan 公开查询。

The 11 transactions below verify that Donut Browser’s “backend auto-signs, no user confirmation” execution path really exists. All were executed on Solana mainnet using the researcher’s own wallet / own funds, and are publicly verifiable on Solscan.

证据边界:这些交易只证明「执行链路存在服务端授权边界缺陷」(后端在无用户确认下完成签名并广播),证据限定研究者自有账户 / 自有资金;未对任何第三方用户资金造成实际损失。跨用户场景的越权请求最终由第三方 Turnkey(AUTH001)拦截,详见Donut Browser 证据
Evidence boundary: these transactions prove only that “the execution path has a server-side authorization-boundary flaw” (the backend signs and broadcasts without user confirmation); the evidence is confined to the researcher’s own account / own funds, and no third-party user funds were actually lost. In the cross-user scenario, the unauthorized request was ultimately blocked by the third-party Turnkey (AUTH001) — see Donut Browser evidence.
11真实链上交易Real on-chain transactions
Solana主网 · MainnetMainnet
自有钱包Own wallet研究者自有资金Researcher’s own funds
公开可查VerifiableSolscan
#Transaction Hash(点击在 Solscan 查看)Transaction Hash (click to view on Solscan)
15q1bzbQr5TUWqW2TpweXaACkHv2WXEUHMVR2CZ6QMiQu6ajKeeK618qAW88bNfRo22LMmtuoDTkYeS2SwyxnskEH
22FnWjBWAPGeNt82mK7hUpx3bAxg8DY8NfVfq14vZimxx6CsLw6mEayvpFS5ZH6KkNWWMREkzz9FGqmnWizv3P1Gt
35KqGwtXuvT73Goc9j7ARgwVdMghHc9cq7zu8ztqpW3V6NJ2gWsYDZTNL9XinZnbVVWM7E4t2YM5HnqXoHNbzQT4F
43C8nhdwqdBf4UU4mKC9J8XXPGoGdeHpRma5WYYfdmq2CAdRCTeSWJmfn6tukD1YqExsJpGKumtdpUje9RhnwUFQc
561tAkb1VVFank6HMyWHBmNPUKJKrWSvWq68KkKzA51KWxy6G1G9WWm64uUCoJFP7xbNKndwPTVFP6wEMdAS9adLU
654rsvZ41p2kGQNZWXyamfeJBNgQJE1uBn7XJHdV5bKAqr1jd8TGMubzaSwJEdiBWqeeXTZSTEqcAtZAocLhSZJya
72WVuRuDkG3aQUMryCGkPMWmMN29sXpAWcNB82uZSQrbkJpYb32oLH4z8yHzXjRPVPK9JNq15GVAA7McsK7H2JNHz
85cj2ZnjgDSBQxAm8t7V9Zkezneh6RpB4W1ogcbFT7YQQsdU5nSzRC99y9kPxZTHnEKLfFk7GTKJVZgJhF9QnXYWu
93uhoD4gJTDcMdp1apLft5UsunGs6cg86pEHVEqHbyHRGDV6cgqyfFTd1eAMGkjg3cvNgbZwzesTzkhDrwUR16y85
103sJBaiYQpXpwrxeMwMrJvHiF91odpd7Lt9nvFhK8Jk8VGNqUPRkBWfdW61NfnSx5s52bYsmq1UsKWWQTZSya3pWz
112LTT5Rt9wmoXVro3GfUZxyceAUguTh6jjZ6ap6LttAtydaU6orr5hXCP6kYmxgiqMSNgRCko7N6LumGnnRSA13Y5

查询方式:复制任一 Transaction Hash,访问 https://solscan.io/tx/<hash> 即可核验交易在 Solana 主网的真实状态。

How to verify: copy any Transaction Hash and visit https://solscan.io/tx/<hash> to confirm the transaction’s real status on Solana mainnet.

← 返回披露主页← Back to disclosure home