How verification works

Did we publish what we say we published?

Every score we publish is signed by our key and recorded as a transaction on Solana. The signature can't be faked. Anyone can look at the transaction and confirm: yes, Attentra published exactly this score for this protocol at this moment in time.

This is the simplest claim and the strongest evidence. It says nothing about whether the score is right — only that we published what we say we published.

Verifiable today

If you redo the math, do you get the same answer?

We publish an open-source tool — the verifier — that anyone can install. Point it at a protocol, and it re-runs the same checks we ran, against the same on-chain data, and tells you whether it agrees with our score.

If it agrees, our math is reproducible. If it disagrees, that's evidence we got something wrong, and we owe the public a post-mortem within 24 hours. Today this works for self-consistency with one trust assumption — that the verifier you downloaded uses the same code our engine uses. Reproducible builds and independent verifier implementations close that gap, with both committed before mainnet and within the first year of operation.

Verifiable today (with one trust assumption)

Did we read the on-chain data correctly when we evaluated?

When our engine looked at a protocol's multisig at 2:14 AM, was the threshold actually 3-of-5? Did we read the right account? Could we have been fed bad data?

Today, partially: if our score is too old to be trusted, the system marks it Stale and consumers know to ignore it. But within the active window, we're trusting that the data didn't shift between when we read it and when you re-check it. That's an honest gap.

Before mainnet, we close it. Each score we publish will include a fingerprint of every piece of on-chain data we read. Anyone with archival access to Solana's history can fetch the same data we did, fingerprint it, and prove we read what we say we read. No more "trust us about the past" — just verifiable evidence.

Partial today; full at v1.1

Are we actually checking the right things?

Even if we read correctly and compute correctly, we might still be wrong about what to check. A protocol could be silently compromised in a way none of our eleven checks would catch. There's no automated test for this — and pretending there were would be worse than admitting there isn't.

What we do instead: publish the methodology in full so anyone can read what we check; run an external audit before mainnet; invite formal disputes from any protocol that thinks we're checking the wrong thing or missing something; publish a post-mortem within 24 hours when we get it wrong; version the methodology with public changelogs as it evolves. The legitimacy of this layer depends on transparency and our discipline about admitting error, not on cryptography.

Verified socially, not mechanically

Is the protocol actually safe?

We don't claim to answer this, and you shouldn't treat our score as the answer. Attentra produces one input to a security assessment — a signal about a protocol's operational posture. The other inputs include smart contract audits, economic reviews, off-chain operational security, and the team's track record.

A protocol with a perfect Attentra score can still be unsafe if the unsafety is in code logic or economic mechanism we don't observe. A protocol with a degraded score can still be safe if the change is benign and acknowledged. Treating our score as the answer to "is this safe" would be misusing the tool.

Out of scope by design