Identifiable anonymous tokens
Description
A new token is launched by the launchToken
function. This function takes as parameter the token data, like its name and symbol, and an argument isAnon
to decide if the token is anonymously deployed. If isAnon
is set to true, the token data saves the null address as the deployer:
Token memory token = Token({
token: address(erc20Token),
deployer: isAnon ? address(0) : msg.sender,
dexPair: address(0),
title: data.title,
symbol: data.symbol,
description: data.description,
imageUrl: data.imageUrl,
links: data.links,
tradesCount: 0,
bondingCurve: bondingCurve
});
However, the anonymous launch is not really anonymous since the transaction calling launchToken
would identify the creator.
Impact
The creator address of a token may be identified even if the anonymous launch parameter was set to true.
Recommendations
We recommend removing this feature, because it can potentially mislead users into expecting more anonymity than what is possible on EVM chains. No matter which branch of the isAnon
ternary above actually executes, the transaction containing the execution of the branch is fully public, so the sender can be identified by re-tracing the execution.
If token creation needs to be completely anonymous, one strategy is to allow the counterfactual deployment of tokens, so that instead of using CREATE to deploy the ERC20 contract, CREATE2 is used with a salt that includes the deploy parameters. This will allow token deployment to happen completely off-chain, and then the first real buyer on the bonding chain, which may or may not be the designer of the token, will cause the actual deployment of the contract.
Remediation
This issue has been acknowledged by PondFun, and a fix was implemented in commit b3e7f3fb↗. PondFun has removed the possibility of creating tokens anonymously.