Home - Coinspect Security

Four Meme

Total Losses

$183.0K+

Date

Network

binance smart chain logo binance smart chain

Categories

business logic price manipulation

Step-by-step

  1. Call the PancakeSwap V3 position manager to initialize the SNOWBOARD/WBNB liquidity pool with an unfavourable price.
  2. Wait for the victim to deploy liquidity without checking minimum desired amounts.
  3. Sell the SNOWBOARD meme coins to drain as most WBNB as possible.

Detailed Description

four.meme is a memecoin launchpad on the BNB Smart Chain, similar to pump.fun. This platform operates in three main steps:

  1. Creation: Users customize the name, logo, description, and optional social accounts to generate a new memecoin.
  2. Trading: Other users can trade the memecoin directly on the platform.
  3. Migration: Once the memecoin’s market value reaches a predefined threshold (24 BNB on four.meme), it is migrated to a decentralized exchange (DEX) such as PancakeSwap.

Now, let’s dive into the technical details of each stage.

What Happened?

The core issue originates from four.meme’s contract 0x5c95. Specifically, when adding liquidity to the pool via the mint function in the Pancake V3 Position Manager, the contract failed to provide the amount0Min and amount1Min values. These values define the minimum required token amounts for a successful liquidity provision, protecting against unfavorable price fluctuations. If the actual required amounts fall below these minimums, the transaction reverts to prevent unintended losses due to slippage. However, due to this oversight:

  1. The attacker preemptively deployed a SNOWBOARD/WBNB pool with an artificially high token price by calling the createAndInitializePoolIfNecessary function.
  2. When the vulnerable contract attempted to create a Pancake V3 pool for the token, it failed to verify the pool’s state or price if an existing pool was already deployed. As a result, the platform unknowingly added liquidity to the attacker’s malicious pool at a manipulated price.
  3. Finally, the attacker sold the tokens acquired from the platform’s internal pool at a lower price, making a profit. Notably, no MEV bot detected this exploitation, as the initial distribution of SNOWBOARD tokens was limited to a few wallets.

Possible mitigations

To mitigate this attack, four.meme should have set appropriate amount0Min and amount1Min values when adding liquidity to the pool.