Percolator Launch
Percolator Launch has impressive engineering with formal verification and 134K lines of code, but critical smart contract bugs in the staking layer and an unsafe_close drain capability need to be fixed before mainnet deployment.
Deductions
market_resolved() and hwm_enabled() share same offset — can cause incorrect market resolution with fund loss.
Can drain entire slab account if authority compromised.
Single wallet controls upgrades. Should be multisig.
Must be replaced before mainnet or all instructions break.
Uninitialized accounts pass validation — type confusion risk.
Bypasses Rust borrow checker for CPI. Memory corruption risk.
Rate limiter fails open if Redis down.
Serverless cold starts reset counters.
Could initialize with spoofed reference.
Can spam fee accrual transactions.
Bonuses
Formal verification with Kani proofs
10 Kani proof suites in CI targeting overflow, bounds, and symmetry in core risk engine
Comprehensive test coverage
179 test files covering API routes, auth, security, E2E
Immutable main program
Main percolator program upgrade authority = None
Open source
Full source code publicly available on GitHub
Not Scored (Token Metrics)
Twitter bio overstates Toly affiliation
Social/marketing legitimacy — not a product security vulnerability.
Bundle activity at launch
Token market dynamics, removed from findings in earlier rescore.
Deployer token history
Token launch behavior, removed from findings in earlier rescore.
100 - 25 (critical) - 15 (high) - 6 - 6 - 6 - 6 (4 medium) - 2 - 2 - 2 - 2 (4 low) + 4 (formal verification) + 2 (test coverage) + 2 (immutable) + 1 (open source) = 37
Is this a rug?
Mint Authority
No one can create new tokens — mint authority is permanently revoked
Freeze Authority
No one can freeze your wallet — freeze authority is permanently revoked
Upgrade Authority
Main trading program is locked forever, but the matcher program can still be updated by one person
LP Status
Liquidity is locked inside Pump AMM — the deployer cannot pull it out
Deployer History
This deployer launched 18 tokens on pump.fun — 17 are dead test tokens worth nothing. They sold their Percolator allocation in 75 seconds.
Bundle Activity
3 bot wallets bought 18.5% of total supply right at launch in coordinated buys, then sold everything
What we found
Findings at a glance
1 critical smart contract bug in the staking layer, 1 high-severity drain capability, and 4 medium infrastructure concerns. Strong positive: formal verification, 179 test files, and immutable main program.
Percolator Launch is a permissionless perpetual futures platform on Solana that allows anyone to deploy a perp market for any token. The project builds on Anatoly Yakovenko's (Toly) open-source percolator protocol, forking the core risk engine and BPF wrapper while adding original matcher and staking programs, a comprehensive Next.js frontend, and supporting infrastructure.
The platform code is genuinely impressive. The 134K LOC TypeScript frontend demonstrates security-first engineering: per-request CSP nonces, distributed rate limiting via Upstash Redis, timing-safe authentication on all admin endpoints, an RPC proxy with method allowlists that excludes sendTransaction, and deployer signature verification via ed25519 nonce challenges. No hardcoded secrets were found. The 4 Rust programs use Kani formal verification, saturating arithmetic, comprehensive signer and owner checks, and compile-time feature guards. The 179 test files include security-specific tests for timing-safe auth, TOCTOU race conditions, and network override guards. Playwright crawling found zero drainers, zero malicious scripts, and properly configured Supabase RLS.
However, the token launch raises concerns. Three coordinated wallets sniped 18.5% of total supply via same-block Jito bundle purchases in the first seconds after creation, then fully exited — a significant extraction from retail participants. The deployer wallet has 18 total pump.fun launches (17 are dead test tokens named "dsadas"), and sold their 5.1% Percolator allocation back to the bonding curve within 75 seconds. The Twitter bio's claim of being "Original CTO and Project of Toly's Percolator" is misleading — the team is building on Toly's open-source code (which is real), but they are community developers, not Toly's team. The token metadata itself states "token has no direct affiliation with toly."
One critical smart contract bug was found in percolator-stake: a byte collision where market_resolved() and hwm_enabled() share the same _reserved[9] offset, meaning enabling HWM protection accidentally blocks all deposits. This must be fixed before mainnet deployment of the staking layer. The main percolator program is immutable on mainnet (upgrade authority = None), which is a strong security positive. The matcher program is upgradeable by a single EOA wallet rather than a multisig — a centralization risk that should be addressed.
Bottom line: The platform is legitimate engineering with real security investment, but the token launch patterns and social claims warrant caution. The code quality far exceeds typical pump.fun token projects — this team is building a real product. Traders should weigh the strong technical fundamentals against the concerning launch dynamics.
| Scope Item | Status | Notes |
|---|---|---|
| Source code review | complete | Full review of 134K LOC TypeScript frontend (Next.js 16.1.7), @percolator/sdk, 40+ API routes, middleware, auth system, oracle system, market creation flow. |
| Smart contract audit | complete | Full review of 4 Rust programs: percolator (core engine, no_std), percolator-prog (BPF wrapper, 12K+ lines), percolator-matcher (AMM), percolator-stake (insurance LP). 16-point Solana vulnerability checklist applied. |
| Frontend security testing | complete | Playwright headless crawl of 8 pages with mock wallet injection. Drainer detection, script analysis, network interception, CSP verification, iframe audit. |
| On-chain token analysis | complete | Full paginated holder scan (4,908 accounts), deployer identification and history (18 launches), bundle detection (first 50 txs), LP pool analysis, authority verification. |
| Team and social legitimacy | complete | Twitter profile analysis (operator screenshots), GitHub contributor analysis, domain WHOIS, fork relationship verification with aeyakovenko/percolator. |
| Dependency audit | complete | package.json (23 deps, 17 devDeps), Cargo.toml for all 4 Rust programs. No vulnerable or suspicious dependencies. GitHub Actions use pinned SHA commits. |
| Cross-layer analysis | complete | Frontend-to-contract integrity verified (SDK encoding matches program expectations). RPC proxy method allowlist prevents unauthorized tx submission. Admin endpoints use timing-safe auth. Network override guards prevent cross-environment abuse. |
| Build verification | limited | Static build analysis completed — build scripts, CI/CD workflows, Docker configs reviewed. Compilation not possible without project env vars (expected for third-party audits). No supply chain concerns in build pipeline. |
| Security headers | complete | CSP with per-request nonces, HSTS (2yr preload), X-Content-Type-Options, Permissions-Policy, Referrer-Policy, X-Frame-Options. No unsafe-eval. Cache-Control prevents nonce reuse. |
Methodology
This audit was performed using TrenchGuard's AI-assisted review process with human oversight.
Pump AMM pool (Ebs3mXA...LRrBW) holds 81.88M tokens + 763 SOL. Pump AMM liquidity is protocol-managed and non-extractable by deployer. More secure than traditional LP tokens.
Top 10 holders control 28.67% (includes 8.28% AMM pool). No individual wallet exceeds 5% of supply. 4,908 total holders. Distribution is relatively healthy.
3-wallet cluster (AexT5fk..., fNrJmJ1..., p2DiFVu...) bought 183M tokens (18.51% supply) via coordinated same-block buys in slots 374590018-374590504. All funded by different disposable wallets. Internal transfers consolidated tokens to p2DiFVu. All 3 wallets now hold 0 tokens — fully dumped. Additional same-block buyer AcULspH... (funded with 12 SOL) also bought in CREATE slot and fully exited.
| ID | Severity | Title |
|---|---|---|
| TG-001 | critical | Stake pool _reserved[9] byte collision — market_resolved() and hwm_enabled() share same offset |
| TG-002 | high | unsafe_close feature provides full slab drain capability |
| TG-003 | medium | Matcher program upgrade authority is a single EOA wallet |
| TG-004 | medium | Placeholder program ID in source — must be replaced before mainnet deployment |
| TG-005 | medium | StakePool validate_discriminator accepts zeroed discriminator |
| TG-006 | medium | invoke_signed_unchecked bypasses RefCell borrow safety |
| TG-007 | low | Fail-open rate limiting on devnet airdrop endpoints |
| TG-008 | low | In-memory rate limiters bypassable on Vercel serverless |
| TG-009 | low | No percolator program ID validation in StakePool InitPool |
| TG-010 | low | AccrueFees instruction has no rate limiting |
| TG-011 | info | Twitter bio overstates Toly affiliation |
| TG-012 | info | Main percolator program is immutable — strong security positive |
| TG-013 | info | No drainers, malicious scripts, or data exfiltration detected |
| TG-014 | info | Comprehensive security middleware — nonce CSP, distributed rate limiting, IP blocklist |
| TG-015 | info | Kani formal verification and 179 test files — strong security investment |
| TG-016 | info | Fork of Toly's open-source percolator protocol with substantial independent development |
Stake pool _reserved[9] byte collision — market_resolved() and hwm_enabled() share same offset
Description
In percolator-stake, both market_resolved() (line 196) and hwm_enabled() (line 300) read/write to _reserved[9]. Enabling HWM protection writes 1 to _reserved[9], which simultaneously causes market_resolved() to return true, immediately blocking all deposits. Conversely, resolving the market unintentionally enables HWM logic. The layout comments at lines 184 and 291 document conflicting assignments.
Location
percolator-stake/src/state.rs:196,300// Line 196
pub fn market_resolved(&self) -> bool {
self._reserved[9] != 0
}
// Line 300
pub fn hwm_enabled(&self) -> bool {
self._reserved[9] == 1
}
Remediation
Move hwm_enabled to a different byte offset (e.g., _reserved[12]). The layout comment at line 291 is the error — HWM must not share byte 9 with market_resolved.
unsafe_close feature provides full slab drain capability
Description
The percolator-prog codebase contains an unsafe_close feature flag that completely skips ALL CloseSlab validation — no admin check, no vault balance check, no insurance check, no account count check, and no data zeroing. Any signer could drain all lamports from any slab. Compile-time guards at lines 15-20 prevent this from compiling with mainnet or without test features.
Location
percolator-prog/src/percolator.rs:13-21,11771-11812#[cfg(all(feature = "unsafe_close", feature = "mainnet"))]
compile_error!("unsafe_close MUST NOT be enabled on mainnet builds!");
#[cfg(all(feature = "unsafe_close", not(feature = "test")))]
compile_error!("unsafe_close requires `test` feature");
Remediation
Consider removing this feature entirely and using a test helper function instead. While the compile-time guards are adequate, the feature's existence is an attack surface if build processes are compromised.
Matcher program upgrade authority is a single EOA wallet
Description
The matcher program (DHP6DtwXP1yJsz8YzfoeigRFPB979gzmumkmCxDLSkUX) has upgrade authority set to CTNRpc2N1Jhgjk4GfmoQuzHKC5HcxiSTE5Bh471yU6FP, which is a regular system account (EOA), not a multisig. A single private key can upgrade the matcher program to arbitrary code. The main percolator program is immutable (upgrade authority = None).
Location
On-chain: ProgramData account GHKo9PKCVKTAbn8UqsVs2HL5S1UnhxZTkUoszLb1Aju2Remediation
Transfer matcher upgrade authority to a Squads multisig with at least 2-of-3 threshold. Alternatively, make the matcher immutable if no further upgrades are planned.
Placeholder program ID in source — must be replaced before mainnet deployment
Description
The percolator-prog source contains declare_id!('Perco1ator111111111111111111111111111111111') — a vanity/placeholder program ID. The actual deployed mainnet program uses a different ID (GM8zjJ8LTBMv9xEsverh6H6wLyevgMHEJXcEzyY3rY24). If the source were deployed as-is, the slab_guard owner check would use the wrong address.
Location
percolator-prog/src/percolator.rs:37declare_id!("Perco1ator111111111111111111111111111111111");
Remediation
Replace with actual deployed program ID. Add a compile-time assertion under #[cfg(feature = 'mainnet')] that rejects placeholder IDs.
StakePool validate_discriminator accepts zeroed discriminator
Description
In percolator-stake, validate_discriminator() accepts both the correct discriminator AND an all-zeros pattern for backward compatibility with pre-versioning accounts. Combined with bytemuck::from_bytes (which accepts any byte pattern), a zeroed account could theoretically pass validation. PDA derivation checks prevent exploitation in practice.
Location
percolator-stake/src/state.rs:280-284pub fn validate_discriminator(&self) -> bool {
let disc = &self._reserved[..8];
disc == [0u8; 8] || disc == STAKE_POOL_DISCRIMINATOR
}
Remediation
After migration period, remove the [0u8; 8] fallback. Add a migration instruction that writes the discriminator to legacy accounts.
invoke_signed_unchecked bypasses RefCell borrow safety
Description
In percolator-prog, invoke_signed_trade uses invoke_signed_unchecked which skips RefCell borrow validation. Safety comments are thorough and explain the invariants, but any future code change that holds a borrow across the CPI call could cause undefined behavior in BPF runtime.
Location
percolator-prog/src/percolator.rs:1838-1875pub fn invoke_signed_trade<'a>(...) -> Result<(), ProgramError> {
// Safety reasoning documented in comments
invoke_signed_unchecked(ix, &infos, &[seeds])
}
Remediation
Add a comment-level invariant test or static analysis annotation. Consider restricting to #[cfg(feature = 'cu-audit')] with invoke_signed as default.
Fail-open rate limiting on devnet airdrop endpoints
Description
The airdrop and devnet-airdrop API routes return {allowed: true} on unexpected DB errors ('fail open to avoid blocking users'). A DB outage allows unlimited airdrops. Mitigated by: devnet-only endpoints minting test tokens with no real value.
Location
app/api/airdrop/route.ts:128-131, app/api/devnet-airdrop/route.ts:152-155Remediation
Switch to fail-closed for rate limiting. The on-chain mint authority check is the true gate, but defense-in-depth suggests failing closed.
In-memory rate limiters bypassable on Vercel serverless
Description
Several endpoints (ideas, applications, stats) use per-process Map rate limiters that reset on Vercel cold starts. An attacker distributing requests across instances bypasses these limits. The main middleware uses Upstash Redis (distributed) which is not affected.
Location
app/api/ideas/route.ts, app/api/applications/route.ts, app/api/stats/route.tsRemediation
Migrate to Upstash Redis rate limiting (already used by middleware, advance-phase, and create-market endpoints).
No percolator program ID validation in StakePool InitPool
Description
During InitPool in percolator-stake, the percolator_program account is stored directly without verifying it is executable or checking its program ID. A malicious admin could point to an attacker-controlled program. Mitigated by: admin is already trusted (they create the pool).
Location
percolator-stake/src/processor.rs:343pool.percolator_program = percolator_program.key.to_bytes();
Remediation
Add an expect_executable check on percolator_program during InitPool.
AccrueFees instruction has no rate limiting
Description
The AccrueFees instruction in percolator-stake is permissionless and idempotent (uses balance delta). While idempotent, an attacker could spam it to consume compute units.
Location
percolator-stake/src/state.rs:88Remediation
Consider adding a minimum slot interval between fee accruals.
Twitter bio overstates Toly affiliation
The @Percolator_ct Twitter bio claims 'Original CTO and Project of Toly's #Percolator' and the banner shows 'aeyakovenko / percolator' (Toly's GitHub). However, the token metadata itself explicitly states 'token has no direct affiliation with toly.' The project IS building on Toly's open-source percolator protocol (aeyakovenko/percolator, 522 stars, Apache-2.0) — dcccrypto forked it in Feb 2026 and has 112 commits ahead with substantial engineering (Kani formal verification). But the team (pseudonymous: Dark Cobra, Squid) are community builders, not Toly's team. The X community label 'Community takeover' is more honest than the bio.
Main percolator program is immutable — strong security positive
The core percolator program (GM8zjJ8LTBMv9xEsverh6H6wLyevgMHEJXcEzyY3rY24) has upgrade authority set to None. It cannot be modified by anyone. This eliminates the risk of malicious program upgrades. Deployed at slot 398964061.
No drainers, malicious scripts, or data exfiltration detected
Playwright crawl of 8 pages with mock wallet injection found zero unauthorized wallet interactions. All scripts are first-party Next.js bundles. No eval(), atob(), document.write(), or obfuscation patterns. Hidden iframe is Privy embedded wallet (legitimate). 6 external domains contacted are all legitimate Web3 infrastructure (Privy, Supabase, DexScreener, WalletConnect). No private keys or server-side secrets found in JS bundles.
Comprehensive security middleware — nonce CSP, distributed rate limiting, IP blocklist
The 445-line middleware implements: per-request CSP nonces (no unsafe-eval), HSTS with 2-year preload, Upstash Redis distributed rate limiting (120 req/min API, 600 req/min RPC), IP blocklist with CIDR support, slab blocklist, admin route guards with Supabase session verification, and trusted proxy depth for X-Forwarded-For spoofing prevention. RPC proxy has method allowlist excluding sendTransaction. All admin secret comparisons use timingSafeEqual.
Kani formal verification and 179 test files — strong security investment
The Rust programs include Kani formal verification proofs for critical paths (overflow, bounds, symmetry). The TypeScript codebase has 179 test files covering API routes (rate limiting, auth, network guards), components, hooks, and E2E tests (security headers, wallet connect, responsive). GitHub Actions use pinned SHA commits for supply chain protection. Dependencies are clean (no known vulnerabilities).
Fork of Toly's open-source percolator protocol with substantial independent development
The project forks aeyakovenko/percolator (522 stars, Apache-2.0) and aeyakovenko/percolator-prog. dcccrypto's fork is 112 commits ahead of upstream with substantial engineering including Kani proofs, ADL implementation, two-phase keeper cranks, and adaptive funding rates. percolator-matcher and percolator-stake are original programs by dcccrypto. Primary developer dcccrypto (Dark Cobra, UK, GitHub since 2021) has 181 commits; secondary contributor 0x-SquidSol has 31 commits.
Opcode scores reflect product and code security only. Token market metrics (holder distribution, bundle activity, LP status, deployer history) are shown as informational context but do not impact the score.
This ensures that a well-built product with a messy token launch is scored fairly on its engineering merits, and a poorly-built product with a perfect token distribution is scored on its actual security gaps.
Standard Deductions
Fixed findings: 0. Partially fixed: half deduction. Info findings document positive confirmations.
Methodology
This audit was performed using TrenchGuard's AI-assisted review process with human oversight.
Disclaimer
This audit was performed by Opcode using AI-assisted review with human oversight. While we strive for thoroughness, no audit can guarantee the complete absence of vulnerabilities. This report is not financial or legal advice. Users should perform their own due diligence. © 2026Opcode — opcode.run