Percolator Launch
Executive Summary
Percolator Launch is a permissionless perpetual futures platform on Solana that allows anyone to deploy a perp market for any token. The project builds on Anatoly Yakovenko's (Toly) open-source percolator protocol, forking the core risk engine and BPF wrapper while adding original matcher and staking programs, a comprehensive Next.js frontend, and supporting infrastructure.
The platform code is genuinely impressive. The 134K LOC TypeScript frontend demonstrates security-first engineering: per-request CSP nonces, distributed rate limiting via Upstash Redis, timing-safe authentication on all admin endpoints, an RPC proxy with method allowlists that excludes sendTransaction, and deployer signature verification via ed25519 nonce challenges. No hardcoded secrets were found. The 4 Rust programs use Kani formal verification, saturating arithmetic, comprehensive signer and owner checks, and compile-time feature guards. The 179 test files include security-specific tests for timing-safe auth, TOCTOU race conditions, and network override guards. Playwright crawling found zero drainers, zero malicious scripts, and properly configured Supabase RLS.
However, the token launch raises concerns. Three coordinated wallets sniped 18.5% of total supply via same-block Jito bundle purchases in the first seconds after creation, then fully exited — a significant extraction from retail participants. The deployer wallet has 18 total pump.fun launches (17 are dead test tokens named "dsadas"), and sold their 5.1% Percolator allocation back to the bonding curve within 75 seconds. The Twitter bio's claim of being "Original CTO and Project of Toly's Percolator" is misleading — the team is building on Toly's open-source code (which is real), but they are community developers, not Toly's team. The token metadata itself states "token has no direct affiliation with toly."
One critical smart contract bug was found in percolator-stake: a byte collision where market_resolved() and hwm_enabled() share the same _reserved[9] offset, meaning enabling HWM protection accidentally blocks all deposits. This must be fixed before mainnet deployment of the staking layer. The main percolator program is immutable on mainnet (upgrade authority = None), which is a strong security positive. The matcher program is upgradeable by a single EOA wallet rather than a multisig — a centralization risk that should be addressed.
Bottom line: The platform is legitimate engineering with real security investment, but the token launch patterns and social claims warrant caution. The code quality far exceeds typical pump.fun token projects — this team is building a real product. Traders should weigh the strong technical fundamentals against the concerning launch dynamics.
Rug Risk Assessment
Audit Scope
| Scope Item | Status | Notes |
|---|---|---|
| Source code review | complete | Full review of 134K LOC TypeScript frontend (Next.js 16.1.7), @percolator/sdk, 40+ API routes, middleware, auth system, oracle system, market creation flow. |
| Smart contract audit | complete | Full review of 4 Rust programs: percolator (core engine, no_std), percolator-prog (BPF wrapper, 12K+ lines), percolator-matcher (AMM), percolator-stake (insurance LP). 16-point Solana vulnerability checklist applied. |
| Frontend security testing | complete | Playwright headless crawl of 8 pages with mock wallet injection. Drainer detection, script analysis, network interception, CSP verification, iframe audit. |
| On-chain token analysis | complete | Full paginated holder scan (4,908 accounts), deployer identification and history (18 launches), bundle detection (first 50 txs), LP pool analysis, authority verification. |
| Team and social legitimacy | complete | Twitter profile analysis (operator screenshots), GitHub contributor analysis, domain WHOIS, fork relationship verification with aeyakovenko/percolator. |
| Dependency audit | complete | package.json (23 deps, 17 devDeps), Cargo.toml for all 4 Rust programs. No vulnerable or suspicious dependencies. GitHub Actions use pinned SHA commits. |
| Cross-layer analysis | complete | Frontend-to-contract integrity verified (SDK encoding matches program expectations). RPC proxy method allowlist prevents unauthorized tx submission. Admin endpoints use timing-safe auth. Network override guards prevent cross-environment abuse. |
| Build verification | limited | Static build analysis completed — build scripts, CI/CD workflows, Docker configs reviewed. Compilation not possible without project env vars (expected for third-party audits). No supply chain concerns in build pipeline. |
| Security headers | complete | CSP with per-request nonces, HSTS (2yr preload), X-Content-Type-Options, Permissions-Policy, Referrer-Policy, X-Frame-Options. No unsafe-eval. Cache-Control prevents nonce reuse. |
Findings (16)
| ID | Severity | Title |
|---|---|---|
| TG-001 | critical | Stake pool _reserved[9] byte collision — market_resolved() and hwm_enabled() share same offset |
| TG-002 | high | unsafe_close feature provides full slab drain capability |
| TG-003 | medium | Matcher program upgrade authority is a single EOA wallet |
| TG-004 | medium | Placeholder program ID in source — must be replaced before mainnet deployment |
| TG-005 | medium | StakePool validate_discriminator accepts zeroed discriminator |
| TG-006 | medium | invoke_signed_unchecked bypasses RefCell borrow safety |
| TG-007 | low | Fail-open rate limiting on devnet airdrop endpoints |
| TG-008 | low | In-memory rate limiters bypassable on Vercel serverless |
| TG-009 | low | No percolator program ID validation in StakePool InitPool |
| TG-010 | low | AccrueFees instruction has no rate limiting |
| TG-011 | info | Twitter bio overstates Toly affiliation |
| TG-012 | info | Main percolator program is immutable — strong security positive |
| TG-013 | info | No drainers, malicious scripts, or data exfiltration detected |
| TG-014 | info | Comprehensive security middleware — nonce CSP, distributed rate limiting, IP blocklist |
| TG-015 | info | Kani formal verification and 179 test files — strong security investment |
| TG-016 | info | Fork of Toly's open-source percolator protocol with substantial independent development |
In percolator-stake, both market_resolved() (line 196) and hwm_enabled() (line 300) read/write to _reserved[9]. Enabling HWM protection writes 1 to _reserved[9], which simultaneously causes market_resolved() to return true, immediately blocking all deposits. Conversely, resolving the market unintentionally enables HWM logic. The layout comments at lines 184 and 291 document conflicting assignments.
percolator-stake/src/state.rs:196,300
// Line 196
pub fn market_resolved(&self) -> bool {
self._reserved[9] != 0
}
// Line 300
pub fn hwm_enabled(&self) -> bool {
self._reserved[9] == 1
}
Move hwm_enabled to a different byte offset (e.g., _reserved[12]). The layout comment at line 291 is the error — HWM must not share byte 9 with market_resolved.
The percolator-prog codebase contains an unsafe_close feature flag that completely skips ALL CloseSlab validation — no admin check, no vault balance check, no insurance check, no account count check, and no data zeroing. Any signer could drain all lamports from any slab. Compile-time guards at lines 15-20 prevent this from compiling with mainnet or without test features.
percolator-prog/src/percolator.rs:13-21,11771-11812
#[cfg(all(feature = "unsafe_close", feature = "mainnet"))]
compile_error!("unsafe_close MUST NOT be enabled on mainnet builds!");
#[cfg(all(feature = "unsafe_close", not(feature = "test")))]
compile_error!("unsafe_close requires `test` feature");
Consider removing this feature entirely and using a test helper function instead. While the compile-time guards are adequate, the feature's existence is an attack surface if build processes are compromised.
The matcher program (DHP6DtwXP1yJsz8YzfoeigRFPB979gzmumkmCxDLSkUX) has upgrade authority set to CTNRpc2N1Jhgjk4GfmoQuzHKC5HcxiSTE5Bh471yU6FP, which is a regular system account (EOA), not a multisig. A single private key can upgrade the matcher program to arbitrary code. The main percolator program is immutable (upgrade authority = None).
On-chain: ProgramData account GHKo9PKCVKTAbn8UqsVs2HL5S1UnhxZTkUoszLb1Aju2
Transfer matcher upgrade authority to a Squads multisig with at least 2-of-3 threshold. Alternatively, make the matcher immutable if no further upgrades are planned.
The percolator-prog source contains declare_id!('Perco1ator111111111111111111111111111111111') — a vanity/placeholder program ID. The actual deployed mainnet program uses a different ID (GM8zjJ8LTBMv9xEsverh6H6wLyevgMHEJXcEzyY3rY24). If the source were deployed as-is, the slab_guard owner check would use the wrong address.
percolator-prog/src/percolator.rs:37
declare_id!("Perco1ator111111111111111111111111111111111");
Replace with actual deployed program ID. Add a compile-time assertion under #[cfg(feature = 'mainnet')] that rejects placeholder IDs.
In percolator-stake, validate_discriminator() accepts both the correct discriminator AND an all-zeros pattern for backward compatibility with pre-versioning accounts. Combined with bytemuck::from_bytes (which accepts any byte pattern), a zeroed account could theoretically pass validation. PDA derivation checks prevent exploitation in practice.
percolator-stake/src/state.rs:280-284
pub fn validate_discriminator(&self) -> bool {
let disc = &self._reserved[..8];
disc == [0u8; 8] || disc == STAKE_POOL_DISCRIMINATOR
}
After migration period, remove the [0u8; 8] fallback. Add a migration instruction that writes the discriminator to legacy accounts.
In percolator-prog, invoke_signed_trade uses invoke_signed_unchecked which skips RefCell borrow validation. Safety comments are thorough and explain the invariants, but any future code change that holds a borrow across the CPI call could cause undefined behavior in BPF runtime.
percolator-prog/src/percolator.rs:1838-1875
pub fn invoke_signed_trade<'a>(...) -> Result<(), ProgramError> {
// Safety reasoning documented in comments
invoke_signed_unchecked(ix, &infos, &[seeds])
}
Add a comment-level invariant test or static analysis annotation. Consider restricting to #[cfg(feature = 'cu-audit')] with invoke_signed as default.
The airdrop and devnet-airdrop API routes return {allowed: true} on unexpected DB errors ('fail open to avoid blocking users'). A DB outage allows unlimited airdrops. Mitigated by: devnet-only endpoints minting test tokens with no real value.
app/api/airdrop/route.ts:128-131, app/api/devnet-airdrop/route.ts:152-155
Switch to fail-closed for rate limiting. The on-chain mint authority check is the true gate, but defense-in-depth suggests failing closed.
Several endpoints (ideas, applications, stats) use per-process Map rate limiters that reset on Vercel cold starts. An attacker distributing requests across instances bypasses these limits. The main middleware uses Upstash Redis (distributed) which is not affected.
app/api/ideas/route.ts, app/api/applications/route.ts, app/api/stats/route.ts
Migrate to Upstash Redis rate limiting (already used by middleware, advance-phase, and create-market endpoints).
During InitPool in percolator-stake, the percolator_program account is stored directly without verifying it is executable or checking its program ID. A malicious admin could point to an attacker-controlled program. Mitigated by: admin is already trusted (they create the pool).
percolator-stake/src/processor.rs:343
pool.percolator_program = percolator_program.key.to_bytes();
Add an expect_executable check on percolator_program during InitPool.
The AccrueFees instruction in percolator-stake is permissionless and idempotent (uses balance delta). While idempotent, an attacker could spam it to consume compute units.
percolator-stake/src/state.rs:88
Consider adding a minimum slot interval between fee accruals.
The @Percolator_ct Twitter bio claims 'Original CTO and Project of Toly's #Percolator' and the banner shows 'aeyakovenko / percolator' (Toly's GitHub). However, the token metadata itself explicitly states 'token has no direct affiliation with toly.' The project IS building on Toly's open-source percolator protocol (aeyakovenko/percolator, 522 stars, Apache-2.0) — dcccrypto forked it in Feb 2026 and has 112 commits ahead with substantial engineering (Kani formal verification). But the team (pseudonymous: Dark Cobra, Squid) are community builders, not Toly's team. The X community label 'Community takeover' is more honest than the bio.
Twitter @Percolator_ct bio, token metadata via Helius getAsset
Clarify the relationship in the bio — e.g., 'Building on Toly's open-source Percolator protocol' rather than implying direct team membership.
The core percolator program (GM8zjJ8LTBMv9xEsverh6H6wLyevgMHEJXcEzyY3rY24) has upgrade authority set to None. It cannot be modified by anyone. This eliminates the risk of malicious program upgrades. Deployed at slot 398964061.
On-chain: ProgramData 9PHPJez9kzTXYwPVEfrrbHtmjqcTUMQ7ZSeNWGx2czx3
Playwright crawl of 8 pages with mock wallet injection found zero unauthorized wallet interactions. All scripts are first-party Next.js bundles. No eval(), atob(), document.write(), or obfuscation patterns. Hidden iframe is Privy embedded wallet (legitimate). 6 external domains contacted are all legitimate Web3 infrastructure (Privy, Supabase, DexScreener, WalletConnect). No private keys or server-side secrets found in JS bundles.
https://percolatorlaunch.com/
The 445-line middleware implements: per-request CSP nonces (no unsafe-eval), HSTS with 2-year preload, Upstash Redis distributed rate limiting (120 req/min API, 600 req/min RPC), IP blocklist with CIDR support, slab blocklist, admin route guards with Supabase session verification, and trusted proxy depth for X-Forwarded-For spoofing prevention. RPC proxy has method allowlist excluding sendTransaction. All admin secret comparisons use timingSafeEqual.
app/middleware.ts
The Rust programs include Kani formal verification proofs for critical paths (overflow, bounds, symmetry). The TypeScript codebase has 179 test files covering API routes (rate limiting, auth, network guards), components, hooks, and E2E tests (security headers, wallet connect, responsive). GitHub Actions use pinned SHA commits for supply chain protection. Dependencies are clean (no known vulnerabilities).
Multiple: tests/, packages/core/test/, e2e/, .github/workflows/
The project forks aeyakovenko/percolator (522 stars, Apache-2.0) and aeyakovenko/percolator-prog. dcccrypto's fork is 112 commits ahead of upstream with substantial engineering including Kani proofs, ADL implementation, two-phase keeper cranks, and adaptive funding rates. percolator-matcher and percolator-stake are original programs by dcccrypto. Primary developer dcccrypto (Dark Cobra, UK, GitHub since 2021) has 181 commits; secondary contributor 0x-SquidSol has 31 commits.
https://github.com/dcccrypto/percolator-launch, https://github.com/aeyakovenko/percolator
This audit was performed by Opcode using AI-assisted review with human oversight. No audit can guarantee the complete absence of vulnerabilities. This report is not financial or legal advice.
© 2026 Opcode — opcode.run