Category: Coding Mistakes

Fee recipient can censor forum posts

Severity: High
Impact: High
Likelihood: Medium

Description

Forum posts are created by the createForumPost function, and some fees are paid to the fee recipient before posting:

function createForumPost(address _address, string calldata _text) public payable tokenExists(_address) returns (ForumPost memory) {
    PondStorage storage $ = _getStorage();
    Forum storage forum = $.forums[_address];

    if (msg.value < $.config.forumFeeEth) revert NotEnoughETH();
    _safeTransferETH($.config.feeRecipient, msg.value);

    ForumPost memory post = ForumPost({ author: msg.sender, text: _text, timestamp: block.timestamp, isHidden: false });

    forum.posts.push(post);

    emit ForumPostCreate(post.author, _address, post.text, post.timestamp);

    return post;
}

However, the fee recipient can choose to revert on some of these fee transfers. Because the transfer is made inside createForumPost, the revert propagates to the parent transaction, so the corresponding forum post is never created and is effectively censored.

Impact

The fee recipient may censor some posts by reverting during the transfer call they receive from createForumPost.

Recommendations

A better approach would be to allow the fee recipient to claim their fees independently of the forum post creation.
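
One way to structure the recommended pull-based fee flow, as an added example that is not PondFun's code or the fix they shipped. The contract name ForumFeesPull, the accruedFees counter, claimFees, and the extra errors and event are hypothetical; the tokenExists check and the project's storage layout are omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example: fees are accrued on post creation and withdrawn separately.
// All names not shown in the finding above are hypothetical.
contract ForumFeesPull {
    struct ForumPost { address author; string text; uint256 timestamp; bool isHidden; }

    error NotEnoughETH();
    error NotFeeRecipient();
    error NothingToClaim();
    error TransferFailed();

    event ForumPostCreate(address indexed author, address indexed token, string text, uint256 timestamp);
    event FeesClaimed(address indexed recipient, uint256 amount);

    address public immutable feeRecipient;
    uint256 public immutable forumFeeEth;
    uint256 public accruedFees; // collected but not yet withdrawn
    mapping(address => ForumPost[]) private posts;

    constructor(address _feeRecipient, uint256 _forumFeeEth) {
        feeRecipient = _feeRecipient;
        forumFeeEth = _forumFeeEth;
    }

    // No external call happens here, so the fee recipient never executes
    // code during post creation and cannot revert a specific post.
    function createForumPost(address _token, string calldata _text) external payable {
        if (msg.value < forumFeeEth) revert NotEnoughETH();
        accruedFees += msg.value;
        posts[_token].push(ForumPost(msg.sender, _text, block.timestamp, false));
        emit ForumPostCreate(msg.sender, _token, _text, block.timestamp);
    }

    // The recipient pulls its fees in its own transaction. If its receive
    // logic reverts, only this withdrawal fails; existing posts are unaffected.
    function claimFees() external {
        if (msg.sender != feeRecipient) revert NotFeeRecipient();
        uint256 amount = accruedFees;
        if (amount == 0) revert NothingToClaim();
        accruedFees = 0; // clear the balance before the external call
        (bool ok, ) = feeRecipient.call{value: amount}("");
        if (!ok) revert TransferFailed();
        emit FeesClaimed(feeRecipient, amount);
    }
}
```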

Remediation

This issue has been acknowledged by PondFun, and a fix was implemented in commit ce3e8543. This fix moves the entire forum part of the contract off-chain.

Zellic © 2025