Description

A new token is launched by the launchToken function. This function takes as parameter the token data, like its name and symbol, and an argument isAnon to decide if the token is anonymously deployed. If isAnon is set to true, the token data saves the null address as the deployer:

Token memory token = Token({
    token: address(erc20Token),
    deployer: isAnon ? address(0) : msg.sender,
    dexPair: address(0),
    title: data.title,
    symbol: data.symbol,
    description: data.description,
    imageUrl: data.imageUrl,
    links: data.links,
    tradesCount: 0,
    bondingCurve: bondingCurve
});

However, the anonymous launch is not really anonymous since the transaction calling launchToken would identify the creator.

Impact

The creator address of a token may be identified even if the anonymous launch parameter was set to true.

Recommendations

We recommend removing this feature, because it can potentially mislead users into expecting more anonymity than what is possible on EVM chains. No matter which branch of the isAnon ternary above actually executes, the transaction containing the execution of the branch is fully public, so the sender can be identified by re-tracing the execution.

If token creation needs to be completely anonymous, one strategy is to allow the counterfactual deployment of tokens, so that instead of using CREATE to deploy the ERC20 contract, CREATE2 is used with a salt that includes the deploy parameters. This will allow token deployment to happen completely off-chain, and then the first real buyer on the bonding chain, which may or may not be the designer of the token, will cause the actual deployment of the contract.

Remediation

This issue has been acknowledged by PondFun, and a fix was implemented in commit b3e7f3fb↗. PondFun has removed the possibility of creating tokens anonymously.