
Code Audit

Zoo.fun

A meme-driven trading platform blending social engagement with onchain speculation.

Blockchain security isn't optional.

Protect your smart contracts and DeFi protocols with Three Sigma, a trusted security partner in blockchain audits, smart contract vulnerability assessments, and Web3 security.


Introduction

Zoo.Fun lets anyone spin up a brand-new “animal coin.”

Users buy the token during a pre-launch bonding-curve (PreDEX) phase; once supply reaches a hard cap, liquidity is migrated to Uniswap V3 and public trading begins. An ancillary LiquidityLocker holds LP tokens, and AnimalFactory deterministically deploys ERC-20s with fun animal names.

Why Did They Need an Audit?

Because PreDEX processes ETH↔token swaps, handles graduation, and auto-launches a Uniswap pool, errors in rounding or state sequencing could leave the contract insolvent—or let an attacker manipulate price before liquidity is seeded. Zoo.Fun engaged Three Sigma for a one-week deep dive before launching on zkSync.

Scope of the Engagement


Audit Date: 2024-10-25

Language: Solidity

Type: Code Audit

Results and Findings

Key Critical Issues

Re-entrancy window in PreDEX.swap() enabled price manipulation at graduation

  • Description: When a buyer sent more ETH than the final curve tokens cost, the contract refunded the excess before it added liquidity to Uniswap V3. Because hasGraduated was already set at that point, an attacker could immediately front-run the official liquidity: seed their own, shift the price, then arbitrage the freshly added official liquidity for a risk-free profit.
  • Resolution: refund now happens after _graduate() finalises pool deployment, closing the window.

Notable Medium-Severity Issues

Rounding up on token sells drained ETH reserve

  • Description: The sell path in PreDEX.swap() rounded up, paying users slightly too much ETH each time. Over many sells, the reserve could fall short of the target amount required for graduation.
  • Resolution: rounding direction switched to down so the protocol is never over-exposed.
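The sell-side rounding problem above, shown numerically as an added example (this is not Zoo.fun's or Three Sigma's code). PreDEX's actual pricing formula is not on this page, so the example assumes a constant-product curve over virtual reserves; the reserves, trade sizes and function names are constructed for illustration.

```python
from fractions import Fraction

# Added example, not Zoo.fun's or Three Sigma's code. The curve is an
# assumption: a constant-product curve (x * y = k) over virtual reserves,
# since the page does not give PreDEX's actual formula. Integers stand for
# wei and token base units; all sample numbers are constructed.

def ceil_div(a: int, b: int) -> int:
    """Integer division rounding toward +infinity (a, b > 0)."""
    return -(-a // b)

def sell_quote(eth_reserve: int, token_reserve: int, tokens_in: int, round_up: bool) -> int:
    """ETH owed for tokens_in. The exact value is
    eth_reserve * tokens_in / (token_reserve + tokens_in); the rounding
    direction decides who absorbs the fractional wei on every trade."""
    num = eth_reserve * tokens_in
    den = token_reserve + tokens_in
    return ceil_div(num, den) if round_up else num // den

def simulate_sells(eth_reserve: int, token_reserve: int, tokens_per_sell: int,
                   n_sells: int, round_up: bool) -> tuple[int, int]:
    """Apply n_sells identical sells; return (final ETH reserve, total ETH paid out)."""
    paid = 0
    for _ in range(n_sells):
        out = sell_quote(eth_reserve, token_reserve, tokens_per_sell, round_up)
        eth_reserve -= out            # the contract pays the seller from its reserve
        token_reserve += tokens_per_sell
        paid += out
    return eth_reserve, paid

def exact_reserve(eth_reserve: int, token_reserve: int, tokens_per_sell: int,
                  n_sells: int) -> Fraction:
    """ETH the ideal curve would still hold after the same sells (k stays constant)."""
    k = eth_reserve * token_reserve
    return Fraction(k, token_reserve + n_sells * tokens_per_sell)

def rounding_shortfall(eth_reserve: int, token_reserve: int, tokens_per_sell: int,
                       n_sells: int) -> int:
    """Wei the reserve ends up short when sells round up instead of down."""
    up, _ = simulate_sells(eth_reserve, token_reserve, tokens_per_sell, n_sells, True)
    down, _ = simulate_sells(eth_reserve, token_reserve, tokens_per_sell, n_sells, False)
    return down - up

if __name__ == "__main__":
    # Constructed sample: tiny reserves so the fractional wei is visible.
    E, T, PER, N = 1000, 1000, 3, 5
    for label, up in (("round up", True), ("round down", False)):
        reserve, paid = simulate_sells(E, T, PER, N, up)
        print(f"{label:10}: reserve={reserve} paid={paid}")
    print(f"ideal curve: reserve={float(exact_reserve(E, T, PER, N)):.2f}")
    print(f"shortfall from rounding up: {rounding_shortfall(E, T, PER, N)} wei")
```

Rounding down keeps the reserve at or above what the ideal curve would hold, while rounding up lets it drift below, which is the graduation-target shortfall the finding describes.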

Notable Low-Severity Issues

AnimalFactory.generateSalt() could hit RPC timeouts

  • Description: The function brute-forces salts until the resulting CREATE2 address is lexicographically below WETH's address, the ordering a Uniswap pool uses to decide token0. In a worst-case name collision, the loop might iterate for thousands of blocks and exceed RPC limits.
  • Resolution (acknowledged): let callers supply a start and end salt so that long searches can be broken into manageable batches.

Severity Issues

  • Critical / High: 1
  • Informational: 0
  • Medium: 1
  • Low: 1

Audit Period

  • 1 PW

In conclusion

Three Sigma’s audit uncovered a critical sequencing flaw and a systemic rounding error that together threatened Zoo.Fun’s solvency at launch. With the refund order and the sell math patched, and the salt-search caveat documented, Zoo.Fun’s contracts now offer a safer path from bonding-curve mint to Uniswap V3 trading and are ready for zkSync mainnet deployment.
