Four Meme
Total Losses
$183.0K+
Date
Network
Categories
business logic price manipulation
Step-by-step
- Call the PancakeSwap V3 position manager to initialize the SNOWBOARD/WBNB liquidity pool with an unfavourable price.
- Wait for the victim to deploy liquidity without checking minimum desired amounts.
- Sell the SNOWBOARD meme coins to drain as much WBNB as possible.
Detailed Description
four.meme is a memecoin launchpad on the BNB Smart Chain, similar to pump.fun. This platform operates in three main steps:
- Creation: Users customize the name, logo, description, and optional social accounts to generate a new memecoin.
- Trading: Other users can trade the memecoin directly on the platform.
- Migration: Once the memecoin’s market value reaches a predefined threshold (24 BNB on four.meme), it is migrated to a decentralized exchange (DEX) such as PancakeSwap.
Now, let’s dive into the technical details of each stage.
What Happened?
The core issue originates from four.meme’s contract 0x5c95. Specifically, when adding liquidity to the pool via the mint function in the Pancake V3 Position Manager, the contract failed to provide the amount0Min and amount1Min values. These values define the minimum token amounts that must be deposited for a liquidity provision to succeed, protecting against unfavorable price fluctuations. If the amounts actually required at the pool's current price fall below these minimums, the transaction reverts to prevent unintended losses due to slippage. However, due to this oversight:
- The attacker preemptively deployed a SNOWBOARD/WBNB pool with an artificially high token price by calling the createAndInitializePoolIfNecessary function.
- When the vulnerable contract attempted to create a Pancake V3 pool for the token, it failed to verify the pool’s state or price if an existing pool was already deployed. As a result, the platform unknowingly added liquidity to the attacker’s malicious pool at a manipulated price.
- Finally, the attacker sold the tokens acquired from the platform’s internal pool at a lower price, making a profit. Notably, no MEV bot detected this exploitation, as the initial distribution of SNOWBOARD tokens was limited to a few wallets.
Possible mitigations
To mitigate this attack, four.meme should have set appropriate amount0Min and amount1Min values when adding liquidity to the pool.
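The effect of the missing minimums can be seen in a simplified floating-point model of the V3 liquidity math. This is an added example, not four.meme's or PancakeSwap's code. The token amounts, the 1000x price skew, the price range, the 1% tolerance and the token0/token1 ordering are all constructed assumptions.

```python
import math

class SlippageRevert(Exception):
    """Stands in for the position manager reverting on its minimum-amount check."""

def amounts_taken(sqrt_p, sqrt_a, sqrt_b, want0, want1):
    """Amounts a V3-style pool pulls for a position over [sqrt_a, sqrt_b] (float model)."""
    if sqrt_p <= sqrt_a:   # price below the range: position is all token0
        return want0, 0.0
    if sqrt_p >= sqrt_b:   # price above the range: position is all token1
        return 0.0, want1
    # In range: liquidity is capped by whichever token runs out first.
    liq = min(want0 * sqrt_p * sqrt_b / (sqrt_b - sqrt_p),
              want1 / (sqrt_p - sqrt_a))
    return liq * (sqrt_b - sqrt_p) / (sqrt_p * sqrt_b), liq * (sqrt_p - sqrt_a)

def mint(pool_price, price_range, desired, minimums):
    """Simplified mint: compute amounts at the pool's current price, then enforce minimums."""
    sqrt_a, sqrt_b = math.sqrt(price_range[0]), math.sqrt(price_range[1])
    got0, got1 = amounts_taken(math.sqrt(pool_price), sqrt_a, sqrt_b, *desired)
    if got0 < minimums[0] or got1 < minimums[1]:
        raise SlippageRevert(f"pool would take {got0:,.0f} token0 and {got1:.2f} token1")
    return got0, got1

# Constructed figures: token0 = SNOWBOARD, token1 = WBNB (ordering is an assumption).
TOKENS, WBNB = 200_000_000.0, 24.0
FAIR_PRICE = WBNB / TOKENS                    # WBNB per token the launchpad expects
RANGE = (FAIR_PRICE / 1e6, FAIR_PRICE * 1e6)
MANIPULATED_PRICE = FAIR_PRICE * 1000         # pool pre-initialized far above fair price
SAFE_MINIMUMS = (0.99 * TOKENS, 0.99 * WBNB)  # 1% tolerance, an illustrative choice

def run_scenarios():
    results = {"no_minimums": mint(MANIPULATED_PRICE, RANGE, (TOKENS, WBNB), (0, 0))}
    try:
        mint(MANIPULATED_PRICE, RANGE, (TOKENS, WBNB), SAFE_MINIMUMS)
        results["with_minimums"] = "minted"
    except SlippageRevert as err:
        results["with_minimums"] = f"reverted: {err}"
    results["fair_pool"] = mint(FAIR_PRICE, RANGE, (TOKENS, WBNB), SAFE_MINIMUMS)
    return results

if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

With zero minimums the model deposits all 24 WBNB against less than 0.1% of the intended tokens. With non-zero minimums the same mint reverts, while a fairly priced pool still passes.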