Verify the operator
Anyone can run these commands from their own machine. No special access. No trust required.
Every claim about the pool's custody story is independently verifiable. The commands below produce evidence from the Monero blockchain and from the operator's running pool. The evidence is the same whether you're a friendly donor or a skeptic looking for a fraud.
Tools you'll need: curl, jq, git. Optionally monero-wallet-cli from the official Monero release.
Proof 1 — The destination address in the running pool matches the public config
The operator's pool.conf is published in the deployment repo. The line pool-wallet = ... is the only address block rewards can go to. The same address is rendered on the public homepage at fleshball.org (look for the "FleshSimulator's Monero address" block).
# What address is the running pool actually serving on its homepage?
curl -s https://fleshball.org/ \
| grep -oE 'id="creator-address"[^>]*>[^<]+' \
| sed -E 's/.*>//'
# What address is published in the repo at HEAD?
git clone https://github.com/GlorgSimulator/fleshball-pool.git
grep '^pool-wallet' fleshball-pool/configs/pool.conf
Both must match exactly. If they don't, stop directing miners here and raise the alarm publicly.
Proof 2 — Every block this pool finds pays the same address
Pick any block height the pool's stats page lists as "found by this pool." Look it up on a public block explorer:
# /stats returns flat top-level keys (jtgrassie/monero-pool format)
HEIGHT=$(curl -s https://fleshball.org/stats | jq -r '.last_block_found')
echo "Pool claims to have found block: $HEIGHT"
# Pull that block's coinbase from a public explorer (no operator involvement)
curl -s "https://xmrchain.net/api/block/$HEIGHT" | jq '.data.txs[0]'
Decode the coinbase output's stealth address using FleshSimulator's public address + view key. FleshSimulator can do this in their own wallet by syncing and looking for the incoming transaction. Anyone with the (public) address + view key can do it from their own machine using monero-wallet-cli.
If the coinbase ever pays an address that isn't FleshSimulator's, the pool is compromised. This would be visible publicly within ~2 minutes (the Monero block time).
Proof 3 — The operator's wallet cannot spend
The wallet RPC listens only on 127.0.0.1:28083 on the operator's server (not exposed publicly), so external donors can't poke it directly. But the operator demonstrates this in a recorded video linked from the live stats section:
# As the operator, against the live view-only wallet:
curl -X POST http://127.0.0.1:28083/json_rpc \
-H 'Content-Type: application/json' \
-d '{"jsonrpc":"2.0","id":"0","method":"transfer","params":{
"destinations":[{"amount":1,"address":"<some test address>"}],
"priority":0,"ring_size":16,"get_tx_key":true
}}'
The expected response — proving custody — is:
{"jsonrpc":"2.0","id":"0","error":{
"code":-37,
"message":"This wallet is watch-only. Cannot spend."
}}
Any other response is a custody failure. The behavior is enforced at the Monero protocol level — it's not something the operator can disable without replacing the wallet entirely (which would also change the address visible in Proof 2).
Proof 4 — Pool fee is 100% (no payout machinery is even active)
curl -s https://fleshball.org/stats | jq '.pool_fee'
# Expected: 1.0
Cross-check against the repo:
grep '^pool-fee' fleshball-pool/configs/pool.conf
# Expected: pool-fee = 1.0
pool-fee = 1.0 means miners are owed 0% — the pool never tries to construct a spending transaction. Combined with Proof 3, there is mathematically no path for the operator to send a transaction.
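The Proof 1 and Proof 4 comparisons can be scripted so that a mismatch fails loudly instead of depending on a visual check. The script below is an added example, not part of the operator's repo; the function names and sample inputs are hypothetical, and it assumes pool.conf uses `key = value` lines as shown above.

```bash
#!/usr/bin/env bash
# Added example: cross-check what the pool serves against the published pool.conf.
# Function names and sample data are hypothetical; only id="creator-address",
# pool-wallet and pool-fee come from the page.

# Print the text of the element with id="creator-address" (HTML on stdin).
homepage_address() {
  grep -oE 'id="creator-address"[^>]*>[^<]+' | sed -E 's/.*>//' | tr -d '[:space:]'
}

# Print the value of "key = value" (pool.conf on stdin). Fails unless the key
# appears exactly once, so a duplicate pool-wallet line cannot go unnoticed.
conf_value() {
  local key=$1 lines
  lines=$(grep -E "^${key}[[:space:]]*=" | tr -d '\r')
  [ "$(printf '%s\n' "$lines" | grep -c .)" -eq 1 ] || return 1
  printf '%s\n' "$lines" | sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:]]+$//'
}

# Succeed only if the fee is numerically 1 (accepts 1, 1.0, 1.00).
fee_is_full() {
  awk -v f="$1" 'BEGIN { exit !(f ~ /^[0-9]+(\.[0-9]+)?$/ && f + 0 == 1) }'
}

# Args: homepage HTML, pool.conf text, live .pool_fee value.
# Prints one line per proof; returns non-zero if either check fails.
verify_pool() {
  local served pinned conf_fee rc=0
  served=$(printf '%s' "$1" | homepage_address)
  pinned=$(printf '%s\n' "$2" | conf_value pool-wallet) || pinned=
  conf_fee=$(printf '%s\n' "$2" | conf_value pool-fee) || conf_fee=
  if [ -n "$served" ] && [ "$served" = "$pinned" ]; then echo "proof1 OK"
  else echo "proof1 FAIL served='$served' pinned='$pinned'"; rc=1; fi
  if fee_is_full "$3" && fee_is_full "$conf_fee"; then echo "proof4 OK"
  else echo "proof4 FAIL live='$3' conf='$conf_fee'"; rc=1; fi
  return $rc
}

# Constructed sample inputs (placeholder string, not a real wallet address).
SAMPLE_ADDR='4EXAMPLEADDRESSPLACEHOLDER'
SAMPLE_HTML="<code id=\"creator-address\" class=\"mono\">$SAMPLE_ADDR</code>"
SAMPLE_CONF="pool-wallet = $SAMPLE_ADDR
pool-fee = 1.0"
verify_pool "$SAMPLE_HTML" "$SAMPLE_CONF" 1.0

# Live use, with the commands from the page:
#   verify_pool "$(curl -s https://fleshball.org/)" \
#     "$(cat fleshball-pool/configs/pool.conf)" \
#     "$(curl -s https://fleshball.org/stats | jq -r '.pool_fee')"
```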
Proof 5 — Deployed software matches the pinned commits
The deployment repo pins exact commit hashes for monerod and monero-pool. You can confirm the running binary was built from those pins:
# Pinned versions in the repo
grep -E '^\| (Monero daemon|monero-pool)' fleshball-pool/README.md
# Operator's binary checksum (asked of operator, or via read-only access)
sha256sum /usr/local/bin/monero-pool
# What it should match: a build from the pinned commit
cd /opt/src/monero-pool && git rev-parse HEAD
Any future operator change to a non-pinned commit requires a public git push to the deployment repo. There is no way to silently swap the binary without leaving a public diff.
Proof 6 — Independent funds visibility (FleshSimulator)
FleshSimulator can — and should — verify funds arriving in real time on their own machine, with no involvement from the operator at all:
# On FleshSimulator's machine (the one with the seed):
monero-wallet-cli --wallet-file my-wallet
[wallet]> refresh
[wallet]> show_transfers in
Every block the pool finds should appear here within minutes of confirmation. If the pool's stats say "Block 3,219,045 found at 14:02 UTC" and 30 minutes later the wallet shows nothing inbound around that time and height, ask publicly why.
What if a proof fails?
| Failed proof | Action |
|---|---|
| 1 (address mismatch) | Stop directing miners to this pool immediately. Post on Twitter. Operator must fix and publicly explain. |
| 2 (coinbase pays wrong address) | Same as 1. The blockchain doesn't lie. |
| 3 (transfer succeeded against the wallet) | The operator's wallet is NOT view-only. Critical custody failure. |
| 4 (pool-fee not 1.0) | The pool is configured for miner payouts, which means the wallet must be spend-capable. Custody story is broken. |
| 5 (binary doesn't match commit) | Operator is running unpublished code. Demand the source or move pools. |
| 6 (wallet doesn't show funds the pool claims to have found) | Most likely a sync issue — wait, then re-check. If still wrong, escalate to Proof 2. |
The presumption in every case is public disclosure first, ask questions second. The whole architecture is designed so the operator cannot benefit from delay — the longer a problem stays public, the harder it is to silently exploit.