meme token
Pump.fun PUMP
Pump.fun (PUMP) is a standard SPL token on Solana with no custom cryptographic or cross-chain dependencies. Per QRI §7.2 Token Inheritance, it shares Solana's base-layer (L1) quantum posture. As of 2026-06-05, Solana has no production post-quantum cryptographic protection: all spend authorization uses Ed25519, consensus uses BLS12-381, and all account addresses are exposed Ed25519 public keys (long-exposure attack surface). Token-specific admin authorities (global authority, fee recipients, withdraw authority, set_creator_authority, fee sharing config admins) are all standard Ed25519 keypairs, creating an additional quantum-critical vulnerability independent of the base layer.
Solana's quantum research is well-documented (Falcon-512 identified as leading PQC candidate, Anza migration proof-of-concept at ~400kB/55ms, Blueshift Winternitz Vault opt-in on mainnet, SIMD-0461 Falcon syscall proposed), but none of this constitutes material production protection.
The QRI Score of 4 reflects Stage 1 (Quantum Risk Assessed): quantum risk is acknowledged through Solana ecosystem work, but there is no meaningful production protection for PUMP token holders or admin authorities. Approximately $642M in market cap and $74M daily volume remain protected only by quantum-vulnerable Ed25519 signatures. Confidence is Medium: the quantum-critical vulnerabilities are well-established from primary sources (public code, official documentation, Solana research publications), but no Pump.fun-specific quantum assessment or PQC migration work exists.
Category breakdown
QRI Factors
Critical Quantum Blockers
- Active production spend authorization remains entirely Ed25519-only (inherited from Solana L1). Every PUMP token transfer, buy, sell, and migration instruction is authorized by quantum-vulnerable Ed25519 signatures.
- Token admin/authority keys (Global authority FFWtrEQ4B4PKQoVuHYzZq8FabGkVatYzDpEVHsK5rrhF, fee recipients, withdraw authority, admin_set_creator_authority, set_creator_authority, and fee sharing authorities) are all standard Ed25519 keypairs. A quantum adversary recovering these keys could update global configuration, redirect fees, manipulate bonding curves, override creator assignments, drain creator vaults, or compromise migration authority.
- Solana L1 consensus authentication uses BLS12-381 signatures (quantum-vulnerable). While consensus compromise is an L1 concern, it directly affects PUMP token finality and settlement.
Key Risks
- All PUMP token transfers, bonding-curve buy/sell operations, and liquidity migrations are authorized by Ed25519 signatures. A cryptographically relevant quantum computer could recover private keys from on-chain public keys and forge spend-authorizing signatures for any PUMP holder account.
- Pump.fun Global authority (FFWtrEQ4B4PKQoVuHYzZq8FabGkVatYzDpEVHsK5rrhF) and related admin keys control protocol-wide configuration including fee parameters, fee recipients, creator assignment, and migration logic. Compromise would enable fee redirection, creator override, and potential drainage of creator vaults.
- All Solana account addresses are Ed25519 public keys with no hash-based address shielding. Every PUMP holder address that has ever signed a transaction has an exposed, long-exposure public key vulnerable to offline quantum attack with no time constraint.
- Solana's Alpenglow consensus uses BLS12-381 signatures. A quantum adversary compromising consensus could disrupt PUMP transaction finality, enable double-spend attacks affecting PUMP settlement, or censor PUMP transactions.
- No evidence exists that Pump.fun has adopted Blueshift Winterwallet, Winternitz Vaults, or any PQC mechanism for its admin authorities, treasury, or protocol-controlled accounts.
- PUMP token exists in a ~$642M market with ~$74M daily trading volume. All of this value-at-risk is currently unprotected against quantum key-recovery attacks. No migration timeline, freeze mechanism, deprecation policy, or salvage plan exists for PUMP-specific value.
- Solana's migration path (Falcon-512, seed-based ZK migration proofs) is contingent on protocol upgrades (SIMD-0296, SIMD-0461, Agave 4.1+) that have not yet reached mainnet. The timeline for these upgrades is uncertain and the PUMP token has no independent migration capability.
Assurance Notes
- Pashov Audit Group smart-contract audit (2025-03-18) covers fixed-price-token-sale but does not assess quantum resistance or cryptographic agility. This is scope-mismatched for quantum-critical assurance.
- Solana L1 quantum research is well-documented (Jump Crypto April 2026, Anza April 2026, Solana Foundation, Helius, Blueshift) but represents research/prototype/roadmap-stage work, not production protection.
- SIMD-0461 (Falcon-512 signature verification syscall) is proposed but not yet merged or activated on mainnet. SIMD-0296 (4096-byte transaction size) is under development, expected with Agave 4.1, and not yet live on mainnet as of the evaluation date.
- Blueshift Winternitz Vault / Winterwallet provides opt-in application-level PQC on Solana mainnet but there is no evidence Pump.fun has adopted it for any admin authority, treasury, or protocol-controlled key.
- No quantum-specific incident-response playbook, formal performance benchmarks for PQ migration, or exchange custody attestations exist for PUMP. These are recorded as assurance notes rather than score deductions per QRI §7.4.
- Agave v4.0 reached mainnet-beta general recommendation ~2026-05-18; Agave v4.1 (which includes the SIMD-0296 larger transactions needed for native Falcon signatures) is in beta/pre-release as of the evaluation date.
Non-Scoring Caveats
- The Pashov Audit Group smart-contract audit (2025-03-18) is stale but still relevant for smart-contract logic. It does not cover quantum resistance and is recorded as an assurance-only caveat per QRI §6.5.
- Solana's Falcon-512 research, Anza migration proof-of-concept, and Blueshift Winternitz Vault are roadmap/prototype-stage work. They do not materially protect PUMP token holders or admin authorities today.
- Future PQ-to-PQ upgrades on Solana (e.g., Falcon → SQIsign if standardized) would not constitute an incomplete ECC-to-PQC migration for the current scope and are recorded as roadmap/operational notes per QRI §7.1.
- PUMP token market cap (~$642M) and daily volume (~$74M) represent material quantum-exposed value-at-risk. All of this value is currently protected only by Ed25519 signatures.
- No evidence of cross-chain bridges for PUMP that would introduce additional bridge-specific quantum vulnerabilities beyond the Solana L1 base layer.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model (9.1.1)
Claim: Solana ecosystem has published comprehensive cryptographic inventories and quantum threat models covering Ed25519, BLS12-381, account exposure, and consensus vulnerabilities. Pump.fun inherits this assessment for base-layer cryptography but has published no token-specific inventory.
Coverage basis: Inherited from Solana L1; no Pump.fun-specific inventory
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Solana L1 inventory is well-sourced from multiple independent teams (Jump Crypto, Anza, Helius, Blueshift). No Pump.fun-specific cryptographic inventory exists.
Pump.fun public docs (https://github.com/pump-fun/pump-public-docs) document program architecture but contain no quantum-specific content. Score reflects absence of token-specific assessment.
Security Assessment & Evidence Preparedness
Public evidence record supporting assessment (9.1.2)
Claim: Solana ecosystem has extensive public evidence including code references, SIMDs, prototype implementations, and research publications. Pump.fun has published no quantum-specific evidence.
Coverage basis: Inherited from Solana L1; no Pump.fun-specific evidence
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Solana PQC prototype code is publicly available. Pump.fun public docs contain no quantum-specific evidence.
Anza migration proof prototype at anza-xyz/cryptography/pull/10 demonstrates ~400kB proof generation in ~55ms. This is research-stage work, not production protection.
Production Cryptographic Protection
Spend authorization / transaction signatures (9.2.1)
Claim: PUMP token transfers and Pump.fun program interactions (buy, sell, create, migrate) are authorized exclusively by Ed25519 signatures on Solana mainnet. No PQC or hybrid-PQC spend path exists.
Coverage basis: Ed25519-only; inherited from Solana L1
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Active production spend authorization remains entirely Ed25519-only (inherited from Solana L1)
Assurance: Confirmed by Pump.fun IDL requiring user signer for all value-moving instructions and Solana runtime verifying Ed25519 signatures.
All buy, sell, create, migrate, and admin instructions require Ed25519 signer authorization. No Falcon, ML-DSA, SLH-DSA, or Winternitz signature path exists at protocol or application level for PUMP.
Production Cryptographic Protection
Account/address/public-key exposure and key-derivation design (9.2.2)
Claim: All Solana accounts (including all PUMP holder addresses) use Ed25519 public keys directly as addresses. Every account that has signed a transaction has a long-exposure public key visible on-chain.
Coverage basis: Long-exposure Ed25519 public keys; inherited from Solana L1
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All Solana addresses are exposed Ed25519 public keys with no hash-based shielding; long-exposure attack surface for all active accounts
Assurance: Solana's address model is well-documented. Unlike Bitcoin's P2PKH, Solana has no unspent-address safety net.
Per Helius analysis: 'every externally owned account on Solana is, by default, Shor-vulnerable once a sufficiently powerful quantum machine exists. No unspent-address safety net exists here.' PUMP token has ~120K holders (CoinMarketCap) with exposed public keys.
Production Cryptographic Protection
Consensus-critical authentication (9.2.3)
Claim: Solana's Alpenglow consensus uses BLS12-381 signatures for validator votes and certificate aggregation. No PQC consensus path exists.
Coverage basis: BLS12-381; inherited from Solana L1
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Solana L1 consensus authentication uses BLS12-381 signatures (quantum-vulnerable)
Assurance: Jump Crypto notes that no practically deployable PQ analogue to BLS aggregation exists yet. LaBRADOR-based Falcon aggregation and STARK-based approaches are active research areas.
Consensus compromise is an L1 concern but directly affects PUMP transaction finality and settlement. This is inherited risk from Solana.
Production Cryptographic Protection
State-integrity and data-availability mechanisms (9.2.4)
Claim: Solana PDAs are hash-based (SHA-256) and quantum-safe by design. However, supply-binding (mint authorities), upgrade authorities, freeze authorities, and program admin controls all rely on Ed25519 signatures.
Coverage basis: Partial: PDAs are hash-based (quantum-safe); authority mechanisms are Ed25519 (quantum-vulnerable)
Implementation score: 0.25 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: PDAs rely on SHA-256 second-preimage resistance which is not threatened by Grover's algorithm at practical scale. However, PDAs are controlled by Ed25519 authorities.
Pump.fun bonding curve state, global config, fee sharing configs, and creator vaults are all PDA-based (quantum-safe state binding). But their creation, update, and authority controls are Ed25519-signed (quantum-vulnerable). PUMP token mint authority, if not renounced, is Ed25519-based.
Production Cryptographic Protection
Privacy and proof layers (9.2.5)
Claim: Pump.fun has no privacy layer, shielded transactions, ZK proofs, or confidential transfer capabilities.
Coverage basis: N/A
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication (9.2.6)
Claim: Solana's P2P layer (Turbine/Rotor, Gossip, QUIC) uses Ed25519 for shred signing and node identity. No PQC P2P path exists.
Coverage basis: Ed25519; inherited from Solana L1
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: P2P transport is not directly spend-critical for PUMP tokens but affects network availability and censorship resistance. Recorded as score-reducing per QRI applicability rules.
Jump Crypto notes Turbine shred signing, Gossip, and QUIC all use Ed25519. PQ shred authentication requires Merkle-root signing or post-block verification approaches per Helius analysis.
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows (9.2.7)
Claim: No evidence that Pump.fun admin authorities, treasury, or protocol-controlled accounts use Blueshift Winterwallet, Winternitz Vaults, or any PQC signing path.
Coverage basis: No PQC wallet/custody adoption for Pump.fun
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Pump.fun admin authorities (global, fee, withdraw, set_creator) are Ed25519 keypairs with no evidence of PQC migration
Assurance: Blueshift Winterwallet exists on Solana mainnet as an opt-in PQC vault. No on-chain evidence indicates Pump.fun authorities have adopted it.
Pump.fun Global authority FFWtrEQ4B4PKQoVuHYzZq8FabGkVatYzDpEVHsK5rrhF is a standard Ed25519 account. All 7 fee_recipients, withdraw_authority, and admin_set_creator_authority are Ed25519 keys.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected (9.3.1)
Claim: 0% of PUMP token value-at-risk is protected by PQC. All ~$642M market cap (~$74M daily volume, ~120K holders) is secured only by Ed25519 signatures.
Coverage basis: 0% protected; ~$642M vulnerable
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: ~$642M PUMP market cap is entirely unprotected against quantum key-recovery attacks
Assurance: Market cap and volume figures from CoinMarketCap and CoinGecko as of 2026-06-05. Value-at-risk includes circulating supply (~353B PUMP) and protocol-controlled treasury/value pools.
PUMP is an active SPL token with significant daily volume. All value is held in Ed25519-secured accounts. No portion has been migrated to Winternitz Vaults or any PQC protection mechanism.
Migration Status & Value-at-Risk
Critical wallets migrated or inherently PQ-native (9.3.2)
Claim: No evidence that any Pump.fun critical wallet (global authority, fee recipients, withdraw authority, admin keys, treasury) has been migrated to PQC.
Coverage basis: No critical wallets migrated
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Pump.fun admin authorities are Ed25519 keypairs with no evidence of PQC migration
Assurance: Global authority, 7 fee_recipients, withdraw_authority, and admin_set_creator_authority are all identified as standard Ed25519 public keys in the Pump Program README. No on-chain evidence of Winterwallet or vault migration exists.
These authorities control protocol-wide configuration (fee parameters, creator assignment, migration logic). Compromise would enable systemic exploitation beyond individual holder accounts.
Migration Status & Value-at-Risk
Legacy vulnerable pools identified, measurable, deprecated, migrated, frozen, or proven not to exist by design (9.3.3)
Claim: Solana ecosystem has identified the quantum vulnerability of Ed25519 accounts. Pump.fun has not published any measurement, deprecation, freeze, or migration policy for its vulnerable value pools.
Coverage basis: Vulnerability identified at L1 level; no Pump.fun-specific measurement or policy
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Solana has identified the vulnerability class and proposed migration paths (seed-based ZK proofs, Winternitz vaults, Falcon migration). Pump.fun has not engaged with any of these.
Partial credit (0.25) for Solana-level vulnerability identification. No Pump.fun-specific legacy pool audit, freeze mechanism, deprecation timeline, or migration policy exists.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap (9.4.1)
Claim: Solana ecosystem has published research roadmaps for PQC migration (Falcon-512, SIMD-0461, seed-based ZK migration). Pump.fun has published no token-specific migration roadmap.
Coverage basis: Solana-level roadmap exists; no Pump.fun-specific roadmap
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: Solana's roadmap is research-stage: 'Continue quantum research and keep evaluating Falcon, and its alternatives. If quantum becomes a credible threat, adopt a post-quantum scheme for new wallets. Migrate existing wallets.' (solana.com/news/quantum-readiness)
No Pump.fun-specific migration sequencing, activation criteria, or dependency mapping exists. The project relies entirely on Solana L1 migration when/if it occurs.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults (9.4.2)
Claim: Blueshift Winterwallet provides opt-in PQC vault on Solana mainnet. No default PQC account creation, wallet tooling, or migration prompts exist for PUMP token users or admins.
Coverage basis: Opt-in application-level vault only; no default or mandatory PQC path
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: operational/product caveat · Score treatment: note-only
Assurance: Winterwallet works on Solana mainnet today (no protocol changes required) but is opt-in, one-time-use per vault, and has no Pump.fun-specific integration or promotion.
PUMP token holders could theoretically move funds to Winterwallet vaults, but there are no Pump.fun-provided migration prompts, UI integration, documentation, or incentives to do so.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination (9.4.3)
Claim: No enforcement mechanisms exist on Solana to deprecate Ed25519 signing, freeze vulnerable accounts, block unsafe fallback paths, or mandate PQC migration.
Coverage basis: No enforcement mechanisms
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Solana has no protocol-level mechanism to freeze, deprecate, or force-migrate vulnerable accounts. Pump.fun has no application-level mechanism either.
Per QRI §9.4.3, enforcement mechanisms include deprecation, freeze, disabled legacy signing, restricted withdrawals, unsafe-path blocking, or mandatory migration after a deadline. None exist for PUMP.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum vulnerabilities (9.4.4)
Claim: No formal quantum-specific incident-response playbook, disclosure process, or emergency governance procedure exists for Pump.fun or Solana.
Coverage basis: No formal quantum IR process
Implementation score: 0 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Per QRI §7.4, lack of a formal quantum-specific IR playbook is a note-only caveat when it does not leave a current quantum-vulnerable path unresolved. The vulnerability exists regardless of IR process maturity.
Solana's rapid upgrade cadence and validator coordination capability (demonstrated through regular feature activations) provide informal emergency response capacity but no quantum-specific playbook exists.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms (9.5.1)
Claim: No PQC algorithms are used in production for PUMP token or Pump.fun protocol. Solana research targets Falcon-512 (FN-DSA, in NIST draft standardization) but this is not deployed.
Coverage basis: No production PQC; Falcon-512 is standards-track but not deployed
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Falcon-512 is on track for NIST FIPS 206 standardization. SIMD-0461 proposes a Falcon verification syscall but is not merged or activated.
Score is 0.00 because no PQC algorithm is used in production. Falcon selection is a research-stage decision, not a deployed protection.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit for quantum-critical scope (9.5.2)
Claim: No quantum-specific cryptographic audit exists for Pump.fun or its Solana dependencies. Pashov audit (2025-03-18) is scope-limited to smart-contract logic.
Coverage basis: No quantum-specific audit
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Existing audits cover fixed-price-token-sale and pump-contracts-solana/pump-amm-2. They assess smart-contract logic correctness, not cryptographic primitive security or quantum resistance. This is recorded as an assurance-only caveat per QRI §6.5.
No independent review exists for Solana's Falcon implementation, Anza's migration proof, or Blueshift's Winternitz Vault as they apply to Pump.fun.
Algorithm & Implementation Assurance
Open-source, reproducible implementation (9.5.3)
Claim: Solana PQC research prototypes (Falcon verification, migration proofs) are open-source. No Pump.fun-specific PQC implementation exists. Production Pump.fun code is open-source but uses only classical cryptography.
Coverage basis: Open-source PQC prototypes exist at Solana level; no Pump.fun PQC implementation
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: Anza's migration proof prototype and Firedancer's Falcon verification implementation are open-source. Pump.fun program code is open-source but contains no PQC code.
Partial credit (0.25) for Solana-level open-source PQC prototypes. No Pump.fun-specific PQC implementation exists.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path documented (9.5.4)
Claim: Solana research documents parameter tradeoffs (Falcon vs Dilithium vs SQIsign) and migration upgrade paths. Pump.fun has no documented upgrade path.
Coverage basis: Solana-level agility documentation exists; no Pump.fun-specific documentation
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: Jump Crypto and Helius analyses document comparative scheme parameters. Solana's approach allows independent scheme selection for consensus vs transactions.
Partial credit for Solana-level documentation. Pump.fun has no documented plan for how it would coordinate admin key migration, upgrade its programs, or transition token holders.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, and custody implementation risks (9.5.5)
Claim: Pump.fun does not use stateful signature schemes (XMSS/LMS). This subfactor is not applicable to the current production scope.
Coverage basis: N/A - no stateful signature scheme in use
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
If Solana were to adopt XMSS/LMS-style stateful signatures, this subfactor would become applicable. Currently it is N/A.
Algorithm & Implementation Assurance
Performance and resource-impact analysis for PQ deployment (9.5.6)
Claim: Solana research publications include performance analysis for Falcon-512 verification (~0.25x Ed25519 verify time), signature sizes (~666B vs 64B), and bandwidth implications.
Coverage basis: Solana-level performance analysis exists; no Pump.fun-specific analysis
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: Jump Crypto provides comparative table: Ed25519 (32B pk, 64B sig, 1.00x verify), Falcon-512 (897B pk, 666B sig, 0.25x verify), Dilithium2 (1312B pk, 2420B sig, 0.80x verify), SQIsign (65B pk, 148B sig, ~100x verify). Helius discusses Rotor/Turbine shred authentication PQ adaptations.
Partial credit for Solana-level analysis. No analysis exists for how PQ migration would affect Pump.fun bonding curve operations, fee calculations, or migration instruction costs.