How SafuScan checks a token for rug pulls
SafuScan answers one question fast: can this token rug or trap you?It does that by reading the token's on-chain reality from multiple independent sources — never a single opinion — and turning it into one plain verdict. Here's exactly what it checks and how the verdict is built.
The six checks behind every verdict
Mint authority
What: Whether new tokens can still be created after launch.
Why it matters: An active mint authority lets the team print unlimited supply and dilute every holder to zero — a common rug.
How we check: Read on-chain (Solana mint account / EVM mintable flag) and via GoPlus. Revoked = fixed supply = safe.
Deep dive →Liquidity lock
What: Whether the trading pool is locked or burned, or still controlled by the team.
Why it matters: If the team holds the liquidity, they can pull it in one transaction and the price instantly goes to zero — the classic rug pull.
How we check: Inspect LP-holder addresses for lock/burn destinations, plus the live USD liquidity depth.
Deep dive →Holder concentration
What: How much of the supply the top wallets control.
Why it matters: If a few non-locked wallets hold a large share, a single dump can crater the price — and they're often insiders.
How we check: Read the top-holder breakdown, exclude locked/burn/pool addresses, and flag heavy concentration.
Deep dive →Honeypot (sell-simulation)
What: Whether you can actually sell after buying.
Why it matters: Honeypots let you buy but block selling — your funds are trapped while the chart may look healthy.
How we check: Run a live buy-and-sell simulation (honeypot.is) and cross-check it against GoPlus contract security.
Deep dive →Freeze authority
What: On Solana, whether the team can freeze your wallet's balance.
Why it matters: An active freeze authority can stop you from ever moving or selling your tokens — effectively a honeypot.
How we check: Read the freeze authority directly from the Solana mint account. Revoked is the safe state.
Deep dive →Buy / sell tax
What: The transfer tax taken on each buy and sell.
Why it matters: Hidden or extreme taxes (30–100%, or much higher on sells) quietly drain you and can act as a soft honeypot.
How we check: Read the declared taxes from GoPlus and the real simulated sell tax from honeypot.is.
Deep dive →How the verdict is calculated
Deal-breakers → AVOID. A confirmed honeypot, the power to rewrite balances, or an extreme simulated sell tax immediately forces an AVOID, regardless of anything else.
Weighted flags → RISKY / CAUTION. Everything else (active authorities, unlocked liquidity, concentration, modifiable tax, unverified source…) carries a weight. Enough weight makes a token RISKY; a few minor flags make it CAUTION.
Liquidity floor. A clean contract with negligible liquidity is untradeable, so the verdict is raised to at least CAUTION/RISKY and a low-liquidity flag is added — it can never show LOW RISK on no liquidity.
Proof required → CAN'T VERIFY. We never treat “no red flags found” as proof of safety. To clear a token we require positive proof — confirmed locked/burned liquidity, or a vetted well-known token. If liquidity-lock status is unknown or the on-chain data is too sparse, the token is marked CAN'T VERIFY (unproven) rather than cleared green.
Creator reputation. When the deployer is linked to prior honeypots, that's surfaced as a serial-scammer warning and forces caution.
LOW RISK means none of the above rug mechanics were detected and we had the proof to clear it — the strongest signal we can give, but still not a guarantee.
The data we cross-reference
Contract-level security: authorities, taxes, honeypot flags, holders, LP.
Independent live buy/sell simulation — confirms you can actually sell.
Reads mint & freeze authority directly — works even on seconds-old tokens GoPlus hasn't indexed.
Canonical, accurate Solana token pricing.
Live price, liquidity, volume and chart data across chains.
Paste any contract or mint address — full verdict in seconds, free, no wallet needed.
FAQ
It runs six on-chain checks — mint authority, liquidity lock, holder concentration, honeypot sell-simulation, freeze authority and buy/sell tax — cross-referencing GoPlus, honeypot.is and direct on-chain reads, then collapses them into one verdict.
AVOID = a deal-breaker like a honeypot or active balance-edit power. RISKY = serious weighted concerns. CAUTION = minor flags or thin liquidity. LOW RISK = no rug mechanics detected and we had the proof to clear it (confirmed liquidity lock, or a vetted well-known token). CAN'T VERIFY = the contract looks clean but we lack the proof to clear it — for example, liquidity-lock status is unknown — so we won't call it safe. A clean scan reduces risk but is never a guarantee.
No. Contracts can be upgraded, liquidity can be unlocked later, and off-chain social-engineering scams exist. Treat the verdict as one strong input, not financial advice, and never invest more than you can afford to lose.
A clean contract with almost no liquidity is untradeable and trivially manipulated, so SafuScan raises the verdict floor (CAUTION/RISKY) and flags low liquidity even when the contract itself looks fine.
Because we refuse to guess. If we can't confirm the liquidity is locked or burned, or the on-chain data is too sparse to judge, we mark the token CAN'T VERIFY (unproven) instead of clearing it green. Absence of red flags is not proof of safety.
SafuScan is an informational tool, not financial advice. A clean scan reduces risk but cannot guarantee safety — always do your own research.