Four.Meme Extreme Pricing Pools Business Logic Flaw
Four Meme is a decentralized platform focused on meme coins, allowing users to create, trade, and explore a variety of meme-based digital assets, such as AI-driven, meme-centric, and culturally inspired tokens. It offers an easy-to-use environment for creating, ranking, and tracking token performance, primarily on the Binance Smart Chain (BNB). Recently, a malicious attacker manipulated liquidity pools on PancakeSwap v3, exploiting the fact that pool prices were not verified. The team responded swiftly, suspending token trading to address the issue, and is now offering compensation for affected users. Despite this setback, Four Meme remains committed to its community and continues to improve security.[1][2][3][4][5][6][7][8][9][10][11]
About Four Meme
Four Meme is a decentralized platform focused on meme coins, allowing users to create, trade, and explore a wide range of meme-based digital assets. The platform supports various meme coins with diverse themes, including AI-driven, meme-centric, and culturally inspired tokens like Trump Sleep, CZ BUNI, and Chinese Pepe. Each token is typically launched on Binance Smart Chain (BNB) and features fluctuating market caps that highlight the speculative nature of meme coin investments.
Four Meme enables users to create their own meme tokens, which are listed and traded on PancakeSwap and other decentralized exchanges. The platform provides a user-friendly environment to search, create, and rank tokens. It also offers a unique feature to track token performance, including market cap and percentage changes, allowing users to stay updated on their investments. Despite the playful nature of meme coins, Four Meme maintains a disclaimer emphasizing the speculative and volatile nature of these digital assets, encouraging users to conduct their own research before trading.
"Four.meme is a streamlined, low-cost pathway to introduce even more meme tokens into the world. Create anything. Any meme you want to put out into the blockchain ecosystem. We’re here to be your canvas and your logistical minion. We’ll help you get the most traction possible with users on BSC. All we’re asking is you create the best viral memes that can potentially make you famous."
The Reality
The platform underscores the risks involved in trading meme coins, acknowledging that their values can be highly volatile. Users are advised to assess their financial situation and risk tolerance. Additionally, Four Meme clarifies that it does not endorse or guarantee the success of any tokens created on the platform and will not be held liable for losses or damages associated with trading meme coins.
What Happened
At least one token was
| Date | Event | Description |
|---|---|---|
| February 10th, 2025 9:36:16 PM MST | Creating Extreme Pricing Pools | The blockchain transaction created liquidity pools which are loaded with extreme pricing, as the first stage of the exploit. Liquidity pools can be created with an extremely |
| February 10th, 2025 9:36:34 PM MST | Token Migration Launch Transaction | The transaction on the BNB blockchain which exploits the malicious price. |
| February 10th, 2025 9:41:00 PM MST | BlockSpy Tweets Transactions | Twitter user BlockSpy reports that there have been multiple instances where token migrations result in the migration contract only taking a fraction of the token but the full BNB value. This BNB is then injected into the migrated liquidity pool, allowing a holder to potentially drain the entire LP. They provide a related transaction for viewing. |
| February 10th, 2025 10:54:00 PM MST | Four Meme Emergency Announcement | Four Meme posts an emergency announcement regarding a malicious attack, stating that token trading on DEX has been temporarily suspended while the development team works on a fix. They reassure the community that internal funds are safe and unaffected by the attack, and they will continue to monitor the situation, providing updates as needed. |
| February 10th, 2025 11:24:00 PM MST | Four Meme Clarifies Emergency | Four Meme edits their tweet to clarify that the token LP launched on @PancakeSwap is temporarily suspended, rather than token trading on DEX, which was mentioned in the original announcement. The updated tweet also specifies that on-chain trading is operating normally, providing more detailed information about the situation. |
| February 10th, 2025 11:54:00 PM MST | SlowMist Tweet Posted | SlowMist posts a security alert regarding suspicious activity involving @four_meme_. A malicious user can manipulate PancakeSwap v3 by creating an unbalanced pool with a skewed token price before launch. When the token is migrated, @four_meme_ adds liquidity based on the distorted pool price, allowing the attacker to exploit this and deplete the pool’s assets. |
| February 11th, 2025 3:44:00 AM MST | ExVulSec Attack Detected | ExVulSec posts an alert regarding an attack on @four_meme_ on Binance Smart Chain (BSC). The root cause seems to be a lack of price checking when adding liquidity to the contract, which the system fails to validate properly. The issue is highlighted in a transaction hash. |
| February 11th, 2025 7:17:00 AM MST | Four Meme Update Posted | Four Meme updates their community on the recent incident, stating that the platform’s core functions have mostly been restored and on-chain trading is fully operational. The team has worked quickly to address the attack, ensuring security and stability. They thank the community for their patience and support and encourage them to stay tuned for further updates. |
| February 12th, 2025 9:47:00 AM MST | Four Meme Compensation Update | Four Meme further updates users on compensation for the recent incident, providing a form to apply for compensation for those affected. They assure users that they will verify the losses and complete compensation within the week, asking for patience during the process. The team emphasizes their commitment to protecting users and will continue to provide updates. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
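The missing control that SlowMist and ExVulSec describe is a price check before liquidity is added to a pool someone else may already have created. The following is an added example, not Four.Meme's or PancakeSwap's code: a Python model of such a check, assuming the Uniswap-v3-style `sqrtPriceX96` encoding used by PancakeSwap v3 pools and 18-decimal tokens. All function names, the 100 bps tolerance, and the sample prices are hypothetical and constructed for illustration.

```python
from fractions import Fraction
from math import isqrt

Q192 = 1 << 192  # slot0.sqrtPriceX96 is sqrt(token1/token0) scaled by 2**96

def encode_sqrt_price_x96(amount1: int, amount0: int) -> int:
    """Build sqrtPriceX96 for a pool priced at amount1 of token1 per amount0 of token0."""
    return isqrt(amount1 * Q192 // amount0)

def bnb_per_token(sqrt_price_x96: int, token_is_token0: bool) -> Fraction:
    """Decode the pool price and orient it as WBNB per launch token."""
    raw = Fraction(sqrt_price_x96 ** 2, Q192)  # token1 per token0
    return raw if token_is_token0 else 1 / raw

def deviation_bps(observed: Fraction, expected: Fraction) -> int:
    """Absolute deviation from the expected price, in basis points."""
    return int(abs(observed - expected) / expected * 10_000)

def safe_to_add_liquidity(sqrt_price_x96, token_is_token0, expected, max_bps=100):
    """Gate the migration: refuse to deposit into a pool whose price the
    platform did not set. On-chain, this check and the deposit must happen
    in the same transaction so the price cannot change in between."""
    if sqrt_price_x96 == 0:
        # An uninitialized v3 pool reports 0; the migrator sets the price itself.
        return True, "pool uninitialized; migrator sets the price itself"
    dev = deviation_bps(bnb_per_token(sqrt_price_x96, token_is_token0), expected)
    if dev > max_bps:
        return False, f"pool price is {dev} bps from expected; abort migration"
    return True, f"pool price within {dev} bps of expected"

# Constructed sample values (not taken from the incident transactions).
E18 = 10 ** 18
EXPECTED = Fraction(24, 200_000_000)  # 24 BNB against 200M tokens
HONEST = encode_sqrt_price_x96(24 * E18, 200_000_000 * E18)
SKEWED = encode_sqrt_price_x96(1_000 * E18, 1 * E18)  # pre-created, extreme price

if __name__ == "__main__":
    for name, sp in [("honest", HONEST), ("skewed", SKEWED), ("uninitialized", 0)]:
        print(name, safe_to_add_liquidity(sp, True, EXPECTED))
```

The expected price would come from the platform's own launch parameters, never from the pool being checked.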
Total Amount Lost
The total amount lost has been estimated at $183,000 USD.
Immediate Reactions
"We are currently experiencing a malicious attack, and our team has intervened immediately to address the issue. To ensure security, token trading on DEX has been temporarily suspended and will be reopened once our development team completes the fix."
"We are currently experiencing a malicious attack, and our team has intervened immediately to address the issue. To ensure security, token LP launched on @PancakeSwap is temporarily suspended, and will be reopened once our development team completes the fix, on-chain trading is operating normally."
"Update on Recent Incident Our platform’s core functions have mostly been restored, and on-chain trading remains fully operational. Our team has worked swiftly to mitigate the attack, ensuring security and stability. We appreciate the community’s patience and support. Stay tuned for further updates!"
"Latest Update on User Compensation Please fill out the following form to apply for compensation for the incident: We will gradually verify the losses of users affected by this malicious attack and will complete compensation within this week. Please be patient. Thank you for your understanding and support. We are always committed to protecting our user and will continue to update progress."
"The memecoin platform Four.Meme was attacked. According to an analysis by the SlowMist security team, the attacker was able to execute a frontrunning attack by pre-creating a liquidity pool on PancakeSwap v3 with an extremely high token price. When the token was integrated into PancakeSwap v3, liquidity was added based on the unbalanced pool set up by the attacker. Since the project team did not verify the pool's price, the added liquidity followed the maliciously set price. As a result, the attacker was able to exploit this mechanism to drain assets from the pool."
Ultimate Outcome
It appears that Four Meme has resolved the issue and provided a form for users to receive compensation.
Total Amount Recovered
Users can request compensation using a provided form. It is unclear how many users have been compensated.
The total amount recovered is unknown.
Ongoing Developments
What parts of this case are still remaining to be concluded?
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
1. SlowMist - "We detected potential suspicious activity related to @four_meme_. A malicious user can front-run by creating a pool on PnacakeSwap v3 with an extremely skewed price for the token scheduled to launch. When the token migrates to PnacakeS...ter/X (Accessed Mar 20, 2025)
2. Four Meme Linktree (Accessed Mar 21, 2025)
3. Four Meme - "We are currently experiencing a malicious attack, and our team has intervened immediately to address the issue. To ensure security, token trading on DEX has been temporarily suspended and will be reopened once our development team com...ter/X (Accessed Mar 21, 2025)
4. Four Meme - "We are currently experiencing a malicious attack, and our team has intervened immediately to address the issue. To ensure security, token LP launched on @PancakeSwap is temporarily suspended, and will be reopened once our development ...ter/X (Accessed Mar 21, 2025)
5. Four Meme - "Update on Recent Incident Our platform’s core functions have mostly been restored, and on-chain trading remains fully operational. Our team has worked swiftly to mitigate the attack, ensuring security and stability. We appreciate th...ter/X (Accessed Mar 21, 2025)
6. Four Meme - "Latest Update on User Compensation Please fill out the following form to apply for compensation for the incident: We will gradually verify the losses of users affected by this malicious attack and will complete compensation within thi...ter/X (Accessed Mar 21, 2025)
7. Creating Extreme Price Pools Transaction - BSCScan (Accessed Mar 21, 2025)
8. Token Migration Launch Transaction - BSCScan (Accessed Mar 21, 2025)
9. Four Meme Documentation - Gitbook (Accessed Mar 21, 2025)
10. ExVulSec - "Alert! Our SkyEye system detected an attack on @four_meme_ on bsc. root case seems does not exist in contract, but @four_meme_, it does not check price properly when adding liquidity Hash" - Twitter/X (Accessed Mar 21, 2025)
11. BlockSpy - "This have happened a couple of times now... tokens get migrated, but the migration contract only takes a fraction of a token and takes full BNB value, and inject it into the migrated lp, leading to a holder can oneclip the whole LP." -...ter/X (Accessed Mar 21, 2025)