Four.meme Hack Analysis
Four.meme, a platform for launching meme tokens backed by Binance Academy, was exploited on February 11, 2025, resulting in a total asset loss of approximately $183,000.
Analysis
Four.meme allows users to create and list new meme tokens for trading. Once a meme coin’s market capitalization exceeds a set threshold, it is migrated to a decentralized exchange (DEX).
When migrating a meme token to the DEX, Four.meme attempts to create a new trading pair pool, transferring 200,000,000 meme tokens and approximately 24 WBNB into it before setting the correct sqrtPriceX96 for the pool.
However, a vulnerability exists: if the pool already exists, Four.meme will use it without verifying its sqrtPriceX96 value. This allows an attacker to manipulate the price and drain assets from the trading pool.
The attack begins when the hacker creates a new meme token, conducts artificial transactions to inflate its market capitalization, and triggers Four.meme to migrate it to the DEX.
During migration, Four.meme uses a pre-existing pool with a sqrtPriceX96 value set to ten duodecillion, which is 368 trillion times larger than the correct value (as shown in the red box in Figure 1). The transaction used to create this malicious pool is shown below:
After the migration, the attacker can withdraw all WBNB from the pool using only a small amount of meme tokens.
Conclusion
To prevent this attack, Four.meme should implement price verification checks for the liquidity pool before making deposits. Additionally, conducting comprehensive security audits for all products is recommended to identify and mitigate potential vulnerabilities.
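One way to express the recommended price verification, as an added example that is not Four.meme's code: it derives the sqrtPriceX96 implied by the intended deposit and refuses a pre-existing pool whose price deviates from it. Assumptions: a Uniswap-V3-style pool that reports 0 until it is initialised, the meme token as token0 and WBNB as token1, 18 decimals for both, and hypothetical function names and tolerance.

```python
from math import isqrt
from typing import Optional

Q192 = 1 << 192  # (2**96)**2, so the integer square root carries the X96 scaling

def expected_sqrt_price_x96(amount0: int, amount1: int) -> int:
    """Encode price = amount1/amount0 as sqrt(price) * 2**96 using integers only."""
    if amount0 <= 0 or amount1 <= 0:
        raise ValueError("liquidity amounts must be positive")
    return isqrt(amount1 * Q192 // amount0)

def migration_decision(pool_sqrt_price_x96: Optional[int], amount0: int,
                       amount1: int, tolerance_bps: int = 50) -> str:
    """Decide what the migrator may do with the pool it found.

    pool_sqrt_price_x96 is None when no pool exists yet and 0 when a pool
    exists but was never initialised (assumed Uniswap-V3-style behaviour).
    """
    if pool_sqrt_price_x96 is None:
        return "create_and_initialize"
    if pool_sqrt_price_x96 == 0:
        return "initialize"
    expected = expected_sqrt_price_x96(amount0, amount1)
    deviation = abs(pool_sqrt_price_x96 - expected)
    # Integer form of: deviation / expected <= tolerance_bps / 10_000.
    # 50 bps on the square root is roughly 1% on the price itself.
    if deviation * 10_000 <= expected * tolerance_bps:
        return "deposit"
    return "abort"  # pre-existing pool whose price somebody else chose

# Constructed inputs based on the figures in the write-up (18 decimals assumed).
MEME_AMOUNT = 200_000_000 * 10**18  # token0 (assumed ordering)
WBNB_AMOUNT = 24 * 10**18           # token1 (assumed ordering)
PLANTED_SQRT_PRICE = 10**40         # "ten duodecillion" (short scale)

if __name__ == "__main__":
    fair = expected_sqrt_price_x96(MEME_AMOUNT, WBNB_AMOUNT)
    print("expected sqrtPriceX96:", fair)
    print("planted / expected   :", PLANTED_SQRT_PRICE // fair)
    print("decision             :",
          migration_decision(PLANTED_SQRT_PRICE, MEME_AMOUNT, WBNB_AMOUNT))
```

With exactly 24 WBNB the planted value comes out a few hundred trillion times the expected one, the same order of magnitude as the ratio quoted in the analysis.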