What are the security risks of meme launch platforms in the meme "gold rush" craze?

Source: Beosin

This year’s Meme track has always been a key sector in the encryption market and the ecology of major public chains. At the beginning of the year, many Meme tokens emerged in the Solana ecosystem with astonishing growth. The daily trading volume of these tokens once reached tens of billions of dollars. Leveraging users' enthusiasm for Meme token trading on Solana, the Meme launching platform Pump.Fun was launched in February. The platform quickly gave birth to multiple Meme coins with significant growth, attracting a large number of users to participate in the issuance and trading of various Meme tokens. . To date, the platform’s cumulative revenue has exceeded US$100 million.

During the gold rush, businessmen made a lot of money selling shovels. Nowadays, similar business models can be seen in the cryptocurrency market.

https://dune.com/adam_tehc/pumpfun

While the market was shocked by the wealth effect brought by Pump.Fun, Pump.Fun’s competitors also actively joined in Competition for meme launch platforms. The first is SunPump of TRON ecosystem, which made millions of dollars in two weeks.

In July, BNB Chain provided financial support to its ecological project Memehub; in August, BNB Chain launched the "Meme Innovation Battle", with Four. Cooperate with Meme launching platforms such as Meme and Burve to promote the development of Meme tracks within their ecosystems.

Today we will analyze and discuss the potential security risks of the Meme launch platform from a security perspective.

The operating mechanism of the Meme launch platform

Pump.fun, Four.Meme and other platforms all use a set of artificially set standardized Meme tokens and economies The model provides a fixed process of issuing, raising funds, and adding liquidity for all Meme tokens on its platform. The characteristics and operating mechanism of this process are as follows:

1.  Token security is guaranteed by the platform:

Users only need to provide Meme tokens Name, icon, description and other information, and then the platform creates corresponding token contracts. These token contracts use the same set of basic code templates and have some security protection measures to ensure that tokens cannot be maliciously issued and have no malicious or privileged functions. to avoid Rug Pull.

2.  Bonding Curve:

After the Meme token is created, it will not be added directly on the decentralized exchange. Liquidity pools conduct transactions, but first require users to pay a fee to mint, and the token price during the minting process is determined by the bonding curve. Taking Pump.Fun as an example, each newly created Memecoin first has an initial virtual market value, which is set to 30 $SOL. The total circulation of tokens is 1 billion, of which 800 million are used for casting. The relationship between casting price and market value is roughly as follows:

Wherex is the current token market value, y is the price of 10 million tokens. The adoption of the bonding curve can balance supply and demand, so that early participants can usually obtain tokens at a lower price, and as the market value increases, the price of each token increases significantly, bringing huge returns to early investors.

3.  The platform is responsible for injecting into the liquidity pool (LP pool):

Token issuers raise funds through users minting tokens. When the market value of the token reaches a certain threshold, the platform will inject the raised funds and unsold tokens into the decentralized exchange to create a liquidity pool to enhance the trading activity of the token. and stability. This move not only reduces the risk of Rug Pull, allowing traders to participate in token transactions with more peace of mind, but also increases the price of tokens by destroying part of the liquidity.

Pump.Fun, Four.Meme and other platforms have greatly lowered the threshold for issuance of Meme tokens, and also solved the problem of initial liquidity raising of tokens, allowing ordinary users to You can easily create your own Meme token and obtain a certain amount of liquidity for trading.

Safety risks behind launch platforms

1.  Operational risks

May 17 On March 1, Pump.Fun suffered a theft of $1.9 million due to operational issues. The incident involves a former employee who had access to Pump.Fun to create a Meme token liquidity pool in Raydium. The employee used the Solana lending protocol to conduct a flash loan operation, borrowed a large amount of SOL, and minted as many tokens as possible so that the tokens reached the standard on the bonding curve to be able to deploy a liquidity pool. The attacker then transferred these tokens and SOL to a wallet account under his control, withdrew part of the SOL and repaid the flash loan, making a profit:

< img src="https://img.jinse.cn/7294534_image3.png">https://solscan.io/tx/2yyKbYr6Piw9gPr1pAp1gNxd939n2KvNmGToxHm4pVZMpwxF76r7HKELpnDS4PdbAs4doYHFEg 4Cb3qe5UfytVmf

The project party must update employee permissions in a timely manner and fully manage the relevant address private keys. In addition, during the operation of the project, the project team should monitor the operation of the project in real time and prepare responses to security incidents in advance to reduce possible asset losses.

2.  Contract Risk

In analyzing the operating mechanism of this type of Meme launch platform, we can note that all Meme token contracts launched They are all created by the contracts of the launching platform, and the security of these tokens is the responsibility of the platform. Therefore, the contractual security of the launch platform is of paramount importance. The following are security issues that the launch platform needs to pay attention to:

(1) Replay attack

When the Meme launch platform implements createToken(), it does not allow the third When a third party creates or mints tokens, the token creator will usually be required to perform signature verification. The signature content must contain nonce, timestamp, chainid and other information to avoid replay attacks.

(2) Excessive permissions:

The Meme launch platform can control the tokens created by users and the assets raised (such as SOL, BNB, ETH), and the platform's privileged address has the authority to withdraw these assets. This means that the platform can access and withdraw the funds raised for operational or other purposes. Therefore, the permissions of these privileged addresses must be strictly managed to ensure the security and transparency of their operations, prevent potential abuse or asset theft, and ensure the overall security and stability of the platform.

Beosin suggests that project parties should use multi-signature accounts + time locks for such contracts Take control and increase security.

(3) Security in interacting with third-party DEXs

When the Meme launch platform interacts with decentralized exchanges, it usually involves token transfers Or data query and other operations. Therefore, the platform needs to ensure that the interface with the exchange is safe and reliable. This includes using encryption technology to protect information during data transmission and verifying the authenticity and legality of transaction requests to prevent forgery or malicious operations. In addition, the platform should also implement detailed permission control and monitoring mechanisms to promptly detect and respond to potential security threats to ensure the security and accuracy of transactions and data operations.

(4) Contract upgrade issues

The Meme launch platform usually uses the proxy mode to facilitate the function upgrade of the token, so special attention must be paid Security in proxy mode. Key measures include: ensuring that the agent contract undergoes strict security audits and authority control to prevent unauthorized upgrades; separating logic from data storage to maintain interface stability; making public upgrade records and notifying users of change information; conducting simulated attack tests, and Design a rollback mechanism; strictly control access rights to contracts and conduct regular audits; and implement real-time monitoring and emergency response plans. These measures help ensure the security of the proxy mode and ensure the stability and reliability of the system.

Summary

The Meme launch platform has significantly lowered the threshold for user participation through its complete functions and mechanisms. , while providing a more secure, fair and efficient trading environment. Users can quickly respond to hot spots and participate in the creation and trading of Meme tokens without worrying about liquidity risks. The platform's fair issuance mechanism and anti-fraud measures ensure the transparency and fairness of transactions and reduce the possibility of market manipulation and fraud to a certain extent.

However, the security of these launch platforms themselves is also crucial, because whether there are vulnerabilities in the operational security of the platform or in the contract code, it will affect all tokens issued on the platform. Therefore, special attention must be paid to the security and stability of platform contracts to prevent system vulnerabilities or management errors from having a widespread negative impact on tokens. Additionally, we advise all users to exercise caution when interacting with the Meme launcher platform. In the world of Web3, security always comes first.