meme token
Pepe PEPE
PEPE is a standard ERC-20 meme token on Ethereum with a renounced contract and no custom cryptographic mechanisms. Per QRI Section 7.2 (Token Inheritance), PEPE inherently shares Ethereum's base-layer quantum-readiness posture. As of 2026-06-05, Ethereum has no production PQC protection—all spend authorization remains ECDSA-based and consensus relies on BLS signatures, both quantum-vulnerable. The PEPE token contract itself has no admin keys (ownership renounced to zero address), eliminating token-level admin-key quantum risk. However, the project maintains a multisig treasury wallet secured by standard ECDSA, representing a concentrated quantum-vulnerable value pool with a documented history of key-management failures (August 2023: 16T tokens stolen after signer threshold reduced from 5/8 to 2/8). The PEPE project has published no quantum risk assessment, cryptographic inventory, migration roadmap, or PQC custody plan. The QRI Score of 5 reflects verifiable public evidence (contract code, audit) but zero production quantum protection and no project-level quantum readiness work. Token holders should monitor Ethereum's post-quantum migration progress, as PEPE's security depends entirely on Ethereum's transition.
Not AssessedToken Inheritance: Ethereum L1Roadmap Only
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
3.53 / 20
Migration Mechanism, Governance & Ecosystem Coordination
0 / 15
Migration Status & Value-at-Risk
1 / 25
Production Cryptographic Protection
0 / 35
Security Assessment & Evidence Preparedness
0 / 5
Critical Quantum Blockers
- Project multisig wallet holding significant PEPE supply uses classical ECDSA signers with no post-quantum migration path or public mitigation plan.
- All PEPE token transfers rely on Ethereum's quantum-vulnerable ECDSA transaction signatures; no production PQC path exists on Ethereum mainnet.
Key Risks
- Inherited ECDSA vulnerability: All PEPE token transfers depend on Ethereum's quantum-vulnerable ECDSA transaction signatures. When a cryptographically relevant quantum computer emerges, any PEPE held in EOAs with exposed public keys could be stolen.
- Multisig treasury at risk: The PEPE project multisig holds a material portion of token supply behind ECDSA signer keys. If signer public keys are exposed on-chain (likely if those EOAs have sent transactions), the treasury is vulnerable to offline quantum key-recovery attacks with no time constraint (long-exposure/at-rest attack surface).
- No migration path: Neither Ethereum L1 nor the PEPE project offers a production PQC migration path for token holders or the multisig as of the evaluation date. Ethereum's structured fork milestones target ~2029 for core PQC infrastructure—several years away.
- Operational key-management history: The August 2023 multisig incident (internal theft via threshold manipulation) demonstrates that the remaining multisig signers operate with weak operational controls, compounding the quantum risk for the treasury.
Assurance Notes
- PEPE is a standard ERC-20 token with no custom cryptographic primitives; inherits Ethereum L1 QRI per Section 7.2.
- Token contract ownership is renounced (owner = zero address), eliminating admin-key quantum risk at the contract level. Verified by Fairyproof audit (2023-08-21) and Etherscan.
- Fairyproof audit confirmed renounced ownership and no critical vulnerabilities in token issuance; audit is stale but relevant for the static, immutable contract.
- Project multisig wallet holds a significant portion of PEPE supply and uses classical ECDSA signers on Ethereum; August 2023 incident (16T PEPE illicitly transferred after threshold reduction from 5/8 to 2/8) demonstrates operational risk.
- No public quantum risk assessment, cryptographic inventory, migration plan, or post-quantum roadmap from the PEPE project or community.
- Current multisig signer composition, threshold, and public-key exposure status are not publicly verifiable as of evaluation date.
- No token-specific source code repository or documentation beyond verified Etherscan contract source.
- Ethereum L1 is at Stage 2 (Mitigation/Development) with active research, weekly PQ devnets across 10+ client teams, and structured fork milestones targeting ~2029 for core post-quantum infrastructure. EIP-8141 (native account abstraction) is being considered for Hegotá fork (H2 2026).
Non-Scoring Caveats
- PEPE is a meme token with no active development team or governance structure; quantum readiness is not a project priority.
- Token contract is renounced and immutable; no upgrade path exists at the contract level.
- All base-layer quantum risk (ECDSA spend authorization, Ethereum consensus, P2P) is inherited from Ethereum L1 and not token-specific.
- Secondary deployments of PEPE on other chains (e.g., BSC, Base) exist but are out of scope for this evaluation (primary scope is Ethereum mainnet ERC-20).
- The August 2023 multisig incident demonstrates operational and key-management weaknesses that compound quantum risk for the treasury.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: PEPE has no published cryptographic inventory or quantum threat model. All cryptographic dependencies are standard ERC-20 / Ethereum L1 primitives, publicly verifiable on Etherscan.
Coverage basis: Publicly verifiable contract code; no project-published quantum assessment
Implementation score: 0 · Evidence confidence: None
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Contract source is verified and audited; cryptographic surface is trivially simple (standard ERC-20). No formal quantum threat model exists, but the attack surface is fully knowable from public artifacts.
The project has not published a quantum-specific assessment. The Fairyproof audit (2023) covers general smart-contract security only.
Security Assessment & Evidence Preparedness
Public evidence record supporting the assessment
Claim: Evidence includes verified contract source on Etherscan, Fairyproof audit report, and third-party reporting on the multisig incident. No quantum-curated evidence record exists.
Coverage basis: Public block explorer, audit PDF, news article
Implementation score: 0 · Evidence confidence: None
Issue classification: assurance-only caveat · Score treatment: score-reducing
Assurance: Audit is from 2023 (stale but relevant for renounced-ownership claim). Multisig incident reporting is from 2023. Evidence is sufficient to assess quantum risk posture but not organized as a quantum evidence record.
Evidence record exists but is not quantum-curated. The contract is simple enough that the existing evidence supports a complete understanding of the token's cryptographic surface.
Production Cryptographic Protection
Spend authorization / transaction signatures
Claim: PEPE token transfers are authorized via standard Ethereum transactions using ECDSA (secp256k1). No PQC or hybrid-PQC spend authorization exists on Ethereum mainnet.
Coverage basis: Inherited from Ethereum L1; token has no independent spend-authorization mechanism
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: ECDSA-only spend authorization on Ethereum L1; no production PQC path exists
Assurance: Ethereum's ECDSA dependency is well-documented. Ethereum Foundation acknowledges this vulnerability and has active PQC devnets (10+ client teams, weekly interop) but no mainnet deployment.
Per QRI §7.2, PEPE inherits Ethereum's spend-authorization posture. Ethereum's structured fork milestones target ~2029 for core PQC infrastructure. EIP-8141 (native account abstraction) is being considered for Hegotá fork (H2 2026).
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design
Claim: PEPE tokens are held in standard Ethereum EOAs. Public keys are exposed on-chain after the first outgoing transaction, creating long-exposure (at-rest) quantum vulnerability.
Coverage basis: Inherited from Ethereum L1 account model
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Ethereum EOAs expose public keys after first transaction, enabling offline quantum key-recovery (long-exposure attack surface)
Assurance: Well-understood property of Ethereum's account model. No PQC account type exists on mainnet.
PEPE inherits this vulnerability from Ethereum. Any PEPE held in an EOA that has sent a transaction has an exposed public key vulnerable to offline Shor's algorithm attacks.
Production Cryptographic Protection
Consensus-critical authentication
Claim: Ethereum consensus uses BLS signatures for validator attestations and block certification. BLS is quantum-vulnerable (pairing-based, ECDLP).
Coverage basis: Inherited from Ethereum L1 consensus layer
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Ethereum consensus (BLS) is quantum-vulnerable; PQ Public Key Registry design published June 2026, no production deployment
Assurance: EF Post-Quantum team published validator PQ key registry design on ethresear.ch (June 1, 2026). leanXMSS + leanVM aggregation under active development. No production deployment.
A quantum attacker who can forge BLS validator signatures could disrupt Ethereum finality, indirectly affecting PEPE token security. This is an inherited risk from Ethereum L1.
Production Cryptographic Protection
State-integrity and data-availability mechanisms
Claim: Ethereum's data availability uses KZG commitments (elliptic-curve-pairing-based), which are quantum-vulnerable. PEPE token state integrity inherits this dependency.
Coverage basis: Inherited from Ethereum L1 data layer
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: KZG commitment vulnerability is acknowledged by Ethereum Foundation. Post-quantum data availability is on the roadmap but not deployed.
Inherited risk. PEPE does not add independent state-integrity mechanisms beyond Ethereum L1.
Production Cryptographic Protection
Privacy and proof layers
Claim: PEPE has no privacy layer, shielded transactions, or ZK proof systems.
Coverage basis: Token design
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication
Claim: P2P networking is an Ethereum L1 function. PEPE as a token has no independent P2P layer.
Coverage basis: Token architecture
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows
Claim: The PEPE project multisig wallet uses standard Ethereum ECDSA for signer authorization. No PQC wallet, custody, or HSM workflow exists for the multisig.
Coverage basis: Project multisig wallet (ECDSA-based)
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: PEPE project multisig uses ECDSA signer keys; a CRQC could forge signatures to drain the treasury if signer public keys are exposed on-chain
Assurance: Current multisig address, signer threshold, and key exposure status are not independently verified for this evaluation. The 2023 incident confirms the multisig exists and holds material PEPE supply. The January 2025 transfer of 170B PEPE to a new wallet (per blockchainreporter.net) suggests ongoing multisig activity.
The token contract itself is renounced (owner = zero address), so there is no token-level admin key quantum risk. The quantum risk is concentrated in the off-chain multisig custody of treasury tokens.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected
Claim: No PEPE value is protected from quantum key-recovery attacks. All PEPE tokens exist on Ethereum with ECDSA-based spend authorization.
Coverage basis: Token supply on Ethereum L1
Implementation score: 0.05 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: 0% of PEPE value-at-risk is quantum-protected; coverage is effectively zero
Assurance: PEPE is not PQ-native. All value exists on Ethereum which has no production PQC. Coverage is unambiguously <25%.
Per QRI §9.3.1 coverage thresholds: <25% → score 1 (the subfactor weight is 20, so earned = 20 × 0.05 = 1.00).
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: The PEPE project multisig is not migrated to any PQC-protected custody. No critical PEPE wallets are known to use PQC.
Coverage basis: Project multisig and known treasury wallets
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: PEPE project multisig remains on standard ECDSA with no PQC migration path
Assurance: No evidence of any PQC wallet or custody migration for PEPE treasury. The multisig's current address and configuration are not independently verified.
The token contract itself has no admin keys (renounced), which eliminates one class of critical-wallet risk. The remaining risk is in the off-chain multisig.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts identified, measurable, deprecated, or migrated
Claim: No legacy vulnerable PEPE pools have been identified, measured, deprecated, or addressed by the project.
Coverage basis: Project-level migration tracking
Implementation score: 0 · Evidence confidence: None
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: PEPE as a standard ERC-20 inherits Ethereum's account model. All EOAs with transacted PEPE have exposed public keys. No project-level effort to identify or address these exists.
This subfactor is inherently tied to Ethereum L1's account model. Until Ethereum provides account-level PQC migration, PEPE cannot independently address this.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap
Claim: No quantum migration roadmap has been published by the PEPE project.
Coverage basis: Project publications and communications
Implementation score: 0 · Evidence confidence: None
Issue classification: assurance-only caveat · Score treatment: score-reducing
Assurance: No roadmap found in any public PEPE communication channel. This is unsurprising for a meme token with a renounced contract.
PEPE depends entirely on Ethereum's migration roadmap (targeting ~2029). The project has not articulated any token-specific migration steps.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults
Claim: No PQC account creation, wallet tooling, transaction paths, custody paths, or user-facing migration prompts exist for PEPE.
Coverage basis: Token ecosystem tooling
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: score-reducing
Assurance: No PQC wallet, custody, or migration tooling exists for Ethereum generally as of the evaluation date. PEPE inherits this gap.
Standard Ethereum wallets (MetaMask, Trust Wallet, etc.) support PEPE but use ECDSA exclusively. No PEPE-specific tooling addresses quantum migration.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination
Claim: No deprecation, freeze, disabled legacy signing, restricted withdrawals, or mandatory migration mechanisms exist for PEPE or its dependent infrastructure.
Coverage basis: Token governance and infrastructure
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: score-reducing
Assurance: The token contract is renounced with no governance mechanism. No enforcement is possible at the token level. All enforcement depends on Ethereum L1 and exchange/custody coordination.
The renounced contract means the PEPE project cannot enforce migration at the token level even if it wanted to. This is a structural limitation for any token-specific quantum migration.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum vulnerabilities
Claim: No quantum-specific emergency disclosure, incident-response process, or governance mechanism exists for PEPE.
Coverage basis: Project governance and security processes
Implementation score: 0 · Evidence confidence: None
Issue classification: assurance-only caveat · Score treatment: score-reducing
Assurance: The PEPE project has no formal security contact, disclosure process, or governance structure. The August 2023 multisig incident response was conducted via social media. This is noted as an operational gap but does not independently create a quantum-attack path beyond what already exists.
Per QRI §8.2, the absence of a formal quantum-specific incident-response playbook does not create a Readiness & Risk Cap by itself. It is recorded here as an assurance note.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms
Claim: No PQC or hybrid-PQC algorithms are used in any PEPE-specific context. The token relies entirely on Ethereum's ECDSA and Keccak-256.
Coverage basis: Token contract and dependent infrastructure
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Contract source is verified and uses only standard Solidity/OpenZeppelin primitives (ERC-20, Ownable). No custom crypto.
PEPE has no independent PQC algorithm usage. This subfactor is scored at 0.00 because the token uses no PQC at all, not because it uses non-standard PQC.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit for quantum-critical scope
Claim: The Fairyproof audit (2023) covers general smart-contract security and confirms renounced ownership. It does not address quantum-critical cryptographic properties.
Coverage basis: Fairyproof audit report (2023-08-21)
Implementation score: 0 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: Audit is 2.8 years old (stale). It covers general security (owner renounced, no critical vulnerabilities in token issuance) but has no quantum-specific scope. The token has no PQC implementation to audit, so a quantum-scoped audit would have nothing to evaluate at the token level.
Per QRI §6.4, a scope-mismatched or stale audit does not reduce the QRI Score by itself when the quantum-critical property (no PQC deployed) is verifiable from other evidence. The audit supports the claim that the contract is renounced and standard.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: PEPE token contract source code is verified on Etherscan and is a standard OpenZeppelin-derived ERC-20 implementation.
Coverage basis: Etherscan verified contract
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Source code is publicly verified and matches the deployed bytecode. The implementation is standard and reproducible.
Full credit for open-source availability. The contract uses standard, well-understood patterns.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path
Claim: No PQC parameter agility or documented upgrade path exists. The token contract is renounced, making token-level upgrades impossible without a new contract deployment.
Coverage basis: Token contract architecture
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: The renounced ownership means no token-level upgrade is possible. Any quantum migration would require users to move tokens to a new contract, which depends on Ethereum L1 providing PQC accounts.
Parameter agility is inapplicable at the token level since there are no token-specific cryptographic parameters. The upgrade path limitation is structural (renounced contract) and inherent to the token's design.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, fault-injection, custody implementation risks
Claim: No stateful PQC signatures (XMSS/LMS) are used by PEPE or its dependent infrastructure.
Coverage basis: Token architecture
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Algorithm & Implementation Assurance
Performance and resource-impact analysis for PQ signature/verification costs
Claim: No performance or resource-impact analysis exists for PEPE, as no PQC deployment is planned or implemented.
Coverage basis: Project documentation
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Performance analysis is a deployment-readiness concern. Since PEPE has no PQC roadmap, this subfactor is not applicable to the current evaluation scope.
Report metadata