Skip to content

MEFAI-SOL-7gcoey4EXJcZ8u3iGYhgTBrh3JuhLWzV4Gs1zNaPtu3U.md

Latest commit

 

History

History
207 lines (142 loc) · 8.02 KB

MEFAI-SOL-7gcoey4EXJcZ8u3iGYhgTBrh3JuhLWzV4Gs1zNaPtu3U.md

File metadata and controls

207 lines (142 loc) · 8.02 KB

Security Audit Report: META FINANCIAL AI (MEFAI) - Solana

Report Information

Field Value
Audit Firm Mefai Security Research
Report Date 2026-03-25
Token Address 7gcoey4EXJcZ8u3iGYhgTBrh3JuhLWzV4Gs1zNaPtu3U
Chain Solana Mainnet
Token Program SPL Token (TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA)
Audit Type Token Configuration + On-Chain Verification
Mefai Security Score 96/100
Overall Risk LOW

Important: Solana Token Audit Methodology

Unlike EVM chains where custom Solidity source code is audited line-by-line, standard SPL tokens on Solana use Solana's built-in Token Program - there is no custom code to audit. The security surface is entirely in on-chain configuration: authorities, metadata mutability, LP lock status, and holder distribution. Mefai Security Research performs direct on-chain verification via Solana RPC calls - not relying on third-party scanning services, but querying the blockchain directly for authoritative data.

1. Token Overview

Field Value
Name META FINANCIAL AI
Symbol MEFAI
Decimals 9
Total Supply ~100,000,000 (fixed)
Token Program Standard SPL Token (NOT Token-2022)
Holders 1,178
Creator GDqdSs6grtGnARcTKdu19rBEsTwuJQJCWb4UrW3AUuYu
Website https://mefai.io

2. Security Assessment Summary

Risk Rating

Severity Count
Critical 0
High 0
Medium 0
Low 1
Informational (Positive) 6

Overall Risk: LOW

3. Security Checklist

Check Status Verified Via Details
Mint Authority SAFE Solana RPC getAccountInfo REVOKED (null) - No new tokens can ever be created
Freeze Authority SAFE Solana RPC getAccountInfo REVOKED (null) - No wallet can be frozen
Metadata Mutability SAFE On-chain mutable: false IMMUTABLE - Name, symbol, image cannot be changed
Transfer Fee SAFE Token Program analysis 0% - No hidden tax on transfers
Token Program SAFE Account owner field Standard SPL Token - no hidden extensions possible (not Token-2022)
LP Lock SAFE Direct RPC verification LOCKED via PinkLock until 2026-09-25
Insider Networks SAFE On-chain holder analysis 0 detected

4. LP Lock Verification (On-Chain)

LP tokens are locked via PinkSale's PinkLock program. Verified by decoding the lock record directly from Solana blockchain via getAccountInfo:

Field Value
Lock Record 9vbrLMNnxnthojJYQZc1cCKvdPzSmzPe33uHmxocC2mF
Lock Program PLockmwUF82vkr8koh8CSbrbjhBuao2TT9N69RmGRQ4 (PinkLock)
Lock Owner 3tod4efVpW11sLNR7HPke6o5xcbpBkWerjJFvFBetWjM
LP Token Mint 2Yx77v9fuaq2Up7wnWDJeAJB4vmdYA8kM8s9VMHZBT18
Lock Date 2026-03-15 17:59:20 UTC
Unlock Date 2026-09-25 17:59:20 UTC
Lock Duration 194 days (~6 months)
LP Amount 87,354,557,275,837 (full LP supply)
PinkSale URL View Lock Record

Verification method: Direct Solana RPC getAccountInfo on the lock record account, binary decoding of PinkLock data structure. On-chain verification is the only authoritative source for LP lock status.

5. Liquidity Analysis

Pool Type Liquidity Platform
EHzHnz5f1VTLaLC5nE6QhgqMggnGzSZonQ6Sin67nQeL CPMM ~$95,820 Raydium
CG2RTGHKAa49ihVWLbBPtnSshC5TtbrxhVphHb2TtvnX CLMM ~$17 Raydium

Total Market Liquidity: ~$95,941

6. Findings

Finding #1: Metadata Hosted on PinkSale CDN (Low)

Severity: Low Status: Noted

Token metadata URI points to cdn.pinksale.finance. If PinkSale discontinues CDN service, token images may not display in wallets. Does not affect token functionality.

Recommendation: Consider migrating metadata to Arweave or IPFS for permanence.

Finding #2: Mint Authority Revoked (Informational - Positive)

Mint authority is null. No additional MEFAI tokens can ever be created. Supply is permanently fixed. This eliminates the infinite mint attack vector entirely.

Finding #3: Freeze Authority Revoked (Informational - Positive)

Freeze authority is null. No entity can freeze any holder's token account. Holders can always transfer and trade freely.

Finding #4: Metadata Immutable (Informational - Positive)

On-chain metadata is marked mutable: false. Token name, symbol, and image cannot be changed to impersonate another project.

Finding #5: Zero Transfer Fee (Informational - Positive)

Transfer fee is 0% with no fee authority. No hidden tax on Solana transfers.

Finding #6: Standard SPL Token Program (Informational - Positive)

Uses TokenkegQfeZyiNwAJbNbGKPFXCWuBvf9Ss623VQ5DA (standard SPL Token), NOT Token-2022. No hidden token extensions are possible (no confidential transfers, no transfer hooks, no permanent delegate). The standard SPL Token program is Solana's most audited and battle-tested token implementation.

Finding #7: LP Locked via PinkLock (Informational - Positive)

All LP tokens are locked in PinkLock until September 25, 2026. Verified directly from Solana blockchain. This eliminates the liquidity removal rug-pull vector.

7. Risk Summary

Category Rating Details
Mint Authority SAFE Revoked - no inflation risk
Freeze Authority SAFE Revoked - no account freezing
Metadata SAFE Immutable - no identity swap
Transfer Fee SAFE 0% - no hidden tax
LP Lock Status SAFE Locked via PinkLock until 2026-09-25 (verified on-chain)
Token Program SAFE Standard SPL Token - no hidden extensions
Insider Networks SAFE 0 detected
Transaction Patterns SAFE Organic trading activity

8. Mefai Security Score

96/100 - LOW RISK

Category Check Result Score
Ownership & Access Control Mint + freeze authority = null Revoked 20/20
Supply & Minting Mint authority revoked, ~100M fixed No minting possible 20/20
Liquidity & LP Security PinkLock until 2026-09-25 (6 months) Locked 16/20
Code & Program Safety Standard SPL Token, no extensions Maximum safety 15/15
Fee & Transfer Mechanics 0% fee, no freeze, no restrictions No fees 15/15
Transparency & Metadata Metadata immutable, mefai.io active Full transparency 10/10
TOTAL 96/100

Scoring methodology: SCORING.md

This token demonstrates best-practice security configuration on Solana:

  1. Mint authority revoked - supply is permanently fixed
  2. Freeze authority revoked - holders can always trade freely
  3. Metadata immutable - identity cannot be changed
  4. LP locked - liquidity cannot be removed until September 2026
  5. Standard SPL Token - no hidden extensions or custom program risks
  6. Zero transfer fee - no hidden taxation
  7. Zero insider networks - no coordinated manipulation detected

This token is safe for holders. All critical security measures are in place and verified directly from the Solana blockchain.

Data Sources & Verification

Source Method Purpose
Solana RPC getAccountInfo (jsonParsed) Mint account, authorities, program owner
Solana RPC getTokenSupply Circulating supply
Solana RPC getTokenLargestAccounts Holder distribution
Solana RPC getAccountInfo on PinkLock record LP lock verification
Solana RPC getSignaturesForAddress Transaction pattern analysis
DexScreener API REST Market data, pair info

Report by Mefai Security Research | 2026-03-25 | All findings verified via direct Solana RPC