AI+Meme: Analysis of Virtuals Protocol and Clanker

1/13/2025, 7:59:19 AM
Intermediate
MemeAI
With the recent security incidents of Spectral and previous security audits of memecoin launchpads such as Tokr.fun, Pumpup, and Pump404, we will provide an in-depth analysis of Virtuals protocol and Clanker's core mechanisms and a detailed interpretation of its functional design, including token minting, fee models, liquidity and other key features, while helping users understand their security points.

With the rapid development of memecoin, Virtuals Protocol and Clanker are at the forefront of innovation, incorporating AI agents to attract a large number of users. However, with AI + Memecoin exploded, security incidents of similar platforms once again emphasized the importance of smart contract security.

With the recent security incidents of Spectral and previous security audits of memecoin launchpads such as Tokr.fun, Pumpup, and Pump404, Beosin will provide an in-depth analysis of Virtuals protocol and Clanker’s core mechanisms and a detailed interpretation of its functional design, including token minting, fee models, liquidity and other key features, while helping users understand their security points.

Spectral Security Incident

On December 1, Spectral said that the Bonding Curve contract of its Syntax platform had a loophole, and about $200,000 of liquidity had been removed and access to the Syntax platform had been temporarily suspended.

According to the analysis, the vulnerability is due to the existence of an unlimited authorization in AgentToken.sol. When the AutonomousAgentDeployer calls the transferFrom function in AgentToken, the Syntax platform takes a tax. There is an unlimited authorization in the transferFrom function (line 90), causing AgentBalances to spend/transfer Agenttokens from AutonomousAgentDeployer without limit.

The attacker transfers AgentTokens by invoking AgentBalances, and the number of Agenttokens in the AutonomousAgentDeployer decreases, resulting in errors in the price calculation of the Bonding Curve: The price of AgentToken falsely increased, and then the hackers used a portion of AgentToken to exchange a large amount of $SPEC tokens, resulting in the loss of Spectral protocol.

In this security incident, due to a flaw in the logical design of the contract, hackers manipulated the price by exploiting the flaw and Bonding Curve. Spectral has now fixed the vulnerability and the protocol will resume operations after an audit.

Virtuals Protocol

Virtuals Protocol is built on the Base chain and provides a protocol for creating, owning, using, and tokenizing AI agents. An Initial Agent Offering (IAO) allows users to easily create or purchase tokens for related AI agents and interact with them.

When creating an AI Agent, Virtuals Protocol generates a corresponding Bonding Curve. Before the AI Agent can interact with users, its corresponding token (FERC20 format) must have a market value of $420,000. And the Bonding Curve only accepts $VIRTUAL tokens for payment.

FERC20 is Virtuals Protocol’s custom ERC20 token format, which primarily limits the number of tokens that can be transferred per transaction:

After the token market value has reached the required level, token holders of FERC20 can exchange them for corresponding AI Agent tokens via “unwrap” for trading on Uniswap V2’s liquidity pool.

Currently, Virtuals Protocol has upgraded its core contract to AgentFactoryV4, which consists of 3 key components: Agent Token, NFT for AI Agent, Governance (veToken and DAO) :

1. Agent Token

The AgentToken is a standard ERC-20 Token that can be created by calling executeApplication() and then _createNewAgentToken().

There is a transaction tax on Agent tokens. Virtuals Protocol will convert the earned taxes into $VIRTUAL and repurchase and destroy the corresponding Agent tokens.

2. NFT

NFT serves as an anchor for AI agents in Virtuals Protocol, storing key information related to their functions:

In addition, there is a special class of NFT in Virtuals Protocol, the Contribution NFT, which is used to record the user’s contribution: whether there is an enhanced model, whether there is an increase in the data set, etc., and then reward the corresponding user by voting through the DAO. Any user can earn the transaction/token income of the AI Agent through the Contribution NFT, and it should be noted that the Admin address can directly create a reward proposal without voting.

3. veToken and DAO

Users can pledge Agent Token/ $VIRTUAL LP token to receive Agent veToken. These Vetokens represent the user’s voting rights in the DAO. When a proposal to update the AI Agent is made, the DAO evaluates a score through interaction to decide whether to update the AI Agent:

Virtuals Protocol protocol is complex, and when AI Agent tokens are ready to be traded, liquidity injection and transaction taxes are involved, and developers need to pay attention to address verification, permission checks, whether there is reentry, and the correctness of code implementation.

Clanker World

Clanker World is a Farcaster based token issuance protocol that allows a Farcaster client, such as Warpcast, to @Clanker by telling it about the token and Clanker will deploy the token on the Base.

Due to the combination of the AI Agent, meme platform and Web3 social hotspots, Clanker attracted a lot of attention, with more than 3,500 tokens issued and approximately $9.7 million in negotiated revenue.

Clanker’s core contract, Clanker. Sol, (0x9B84fcE5Dcd9a38d2D01d5D72373F6b6b067c3e1) is responsible for tokens deployment:

1. Create tokens

Mint new ERC-20 tokens into the deployer contract:

2. Create a Uniswap V3 liquidity pool

Create and complete the initialization of the liquidity pool:

Create new liquidity positions for newly deployed tokens and WETH, with a 1% fee default for liquidity positions.

3. Lock in liquidity

Create a liquidity locker address:

Transfer the authority of the liquidity pool to the locker address and complete initialization:

The contract of Clanker is clear and simple, and does not use Bonding Curve to price tokens. Instead, Clanker taxes token transactions to reduce complexity. Users need to be aware of the access controll issue of Clanker’s contract. The contract owners can upgrade or deprecate the contract. Currently, Clanker contract uses 3-3 multi-sig to reduce this risk to some extent.

Summary

In this article, we have analyzed the contract codes for the Virtuals Protocol and the Clanker Protocol, including their token minting, liquidity pool creation, and other important functions. Developers still need to pay attention to the security of the project operation level and the contract business logic level, especially in terms of rights management, and beware of asset losses due to incorrect upgrades or improper design in the code.

Disclaimer:

  1. This article is reprinted from [beosin]. All copyrights belong to the original author [beosin]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
  2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
  3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.

Share

Crypto Calendar
Tokenların Kilidini Aç
Grass, 28 Ekim'de mevcut dolaşım arzının yaklaşık %74,21'ini oluşturan 181.000.000 GRASS tokeni açığa çıkaracak.
GRASS
-5.91%
2025-10-27
Ana Ağ v.2.0 Lansmanı
DuckChain Token, Ekim ayında ana ağ v.2.0'ı başlatacak.
DUCK
-8.39%
2025-10-27
StVaults Lansmanı
Lido, Lido v.3.0 güncellemesinin bir parçası olarak stVaults'ın Ekim ayında ana ağda kullanılmaya başlayacağını duyurdu. Bu arada, kullanıcılar testnet'te özellikleri keşfedebilirler. Yayın, yeni modüler kasa mimarisi aracılığıyla Ethereum staking altyapısını geliştirmeyi amaçlıyor.
LDO
-5.66%
2025-10-27
MA
Sidus, Ekim ayında bir AMA düzenleyecek.
SIDUS
-4.2%
2025-10-27
Forte Ağı Yükseltmesi
Flow, Ekim ayında başlayacak Forte yükseltmesini duyurdu. Bu yükseltme, geliştirici deneyimini iyileştirmek ve AI ile tüketiciye hazır on-chain uygulamalarını mümkün kılmak için araçlar ve performans iyileştirmeleri sunacak. Güncelleme, Cadence diline yönelik yeni özellikler, yeniden kullanılabilir bileşenler için bir kütüphane, protokol iyileştirmeleri ve rafine tokenomi içermektedir. Flow'daki mevcut ve yeni geliştiriciler, en son yetenekleri kullanarak uygulamalar ve yükseltmeler yayınlayacak. Ek detaylar, ETHGlobal hackathonu öncesinde 14 Ağustos'ta Pragma New York'ta paylaşılacak.
FLOW
-2.81%
2025-10-27
sign up guide logosign up guide logo
sign up guide content imgsign up guide content img
Start Now
Sign up and get a
$100
Voucher!
Create Account

Related Articles

Top 10 Meme Coin Trading Platforms
Beginner

Top 10 Meme Coin Trading Platforms

In this guide, we’ll explore details of meme coin trading, the top platforms you can use to trade them, and tips on conducting research.
10/15/2024, 10:34:29 AM
Arweave: Capturing Market Opportunity with AO Computer
Beginner

Arweave: Capturing Market Opportunity with AO Computer

Decentralised storage, exemplified by peer-to-peer networks, creates a global, trustless, and immutable hard drive. Arweave, a leader in this space, offers cost-efficient solutions ensuring permanence, immutability, and censorship resistance, essential for the growing needs of NFTs and dApps.
6/8/2024, 2:46:17 PM
Review of the Top Ten Meme Bots
Beginner

Review of the Top Ten Meme Bots

This article provides a detailed overview of the top ten popular Meme trading Bots in the current market, including their operating steps, product advantages, fees, and security, helping you find the most suitable trading tool for yourself.
7/17/2025, 7:12:17 AM
What's Behind Solana's Biggest Meme Launch Platform Pump.fun?
Beginner

What's Behind Solana's Biggest Meme Launch Platform Pump.fun?

The world of memes is always full of entertainment. Recently, a platform with the domain name "fun" — Pump.fun — has attracted considerable attention in the crypto community. Even professional poker player Tom Dwan mentioned Pump.fun in a tweet, hinting at his interest in its gambling entertainment.
4/25/2024, 5:51:05 AM
 The Upcoming AO Token: Potentially the Ultimate Solution for On-Chain AI Agents
Intermediate

The Upcoming AO Token: Potentially the Ultimate Solution for On-Chain AI Agents

AO, built on Arweave's on-chain storage, achieves infinitely scalable decentralized computing, allowing an unlimited number of processes to run in parallel. Decentralized AI Agents are hosted on-chain by AR and run on-chain by AO.
6/18/2024, 3:14:52 AM
Introduction to Raydium
Intermediate

Introduction to Raydium

Raydium is the first decentralized exchange (DEX) on Solana to utilize an automated market maker (AMM) system. It supports a wide range of trading pairs and offers strong liquidity. Over the last year, as the Solana ecosystem has expanded and in collaboration with pump.fun, Raydium has emerged as one of the largest DEXs on Solana. This article will explore how Raydium operates, its team background, token economics, and unique features, along with a data-driven analysis of its current development, discussing its role in the Solana ecosystem and the effects of pump.fun and the meme coin trend.
11/20/2024, 9:48:51 AM