Security & Privacy

RugCheck

A token security scanner that analyzes smart contract permissions, liquidity locking status, and holder concentration risks.

RugCheck — RugCheck is an automated token analysis tool that scans smart contract code and on-chain data to detect potential rug pull indicators, such as honeypot mechanisms, minting functions, hidden ownership, and suspicious liquidity setups. It provides a risk score to help traders evaluate token safety before buying.

How It Works

RugCheck (and similar tools like Token Sniffer and GoPlus) performs automated analysis on token contracts by examining multiple risk factors. These include checking whether the contract owner can mint unlimited tokens, whether buy/sell taxes can be changed to 100% (creating a honeypot), whether liquidity is locked or can be withdrawn by the deployer, and whether there are hidden transfer restrictions.

The tool reads the smart contract's bytecode and source code (if verified), analyzes the deployer's wallet history, checks the liquidity pool configuration, and examines the token's holder distribution. Each risk factor is weighted, and a composite risk score is generated. High-risk indicators include unrenounced ownership, unlocked liquidity, concentrated token holdings, and blacklist/whitelist functions.

On Solana, RugCheck.xyz analyzes SPL token metadata, mint authority status (whether the deployer can create more tokens), freeze authority (whether transfers can be frozen), and the distribution of token accounts to flag potential scam tokens.

Why It Matters

Rug pulls are among the most common scams in crypto, especially on decentralized exchanges where anyone can create and list a token. Without automated screening, traders must manually review smart contract code — a skill most people do not have. RugCheck democratizes contract analysis by providing instant, readable risk assessments that help traders avoid obvious scams.

However, RugCheck is not foolproof. Sophisticated scammers can deploy contracts that pass automated checks but contain hidden exploit mechanisms, or they may create a legitimate-looking token and rug pull through social engineering rather than contract manipulation. RugCheck should be one input in a broader due diligence process, not the sole decision factor.

Real-World Example

A trader sees a new token trending on DEX Screener and pastes the contract address into RugCheck before buying. The analysis reveals that the deployer wallet holds 40% of the supply, liquidity is not locked, and the contract has an unrenounced owner with a mint function. RugCheck assigns a high-risk score. The trader avoids the token, and two hours later the deployer mints millions of new tokens, dumps them on the open market, and drains the liquidity pool.

Related Terms

DeFi & AMM

Smart Contract

Self-executing code stored on a blockchain that automatically enforces the terms of an agreement without intermediaries.

Read definition Security & Privacy

Token Audit

A professional review of a token's smart contract code by a security firm to identify vulnerabilities before public launch.

Read definition Security & Privacy

Smart Contract Exploit

An attack that takes advantage of vulnerabilities in smart contract code to drain funds or manipulate protocol state.

Read definition Blockchain & Crypto Fundamentals

Private Key

A secret cryptographic string that grants full control over a wallet's funds; losing it means losing the wallet permanently.

Read definition

Frequently Asked Questions

Common questions about RugCheck in cryptocurrency and DeFi.

Is RugCheck free to use?

Yes, RugCheck.xyz and most token scanning tools offer free basic analysis. Some provide premium features like real-time monitoring, API access, and deeper contract analysis for a subscription fee. For most traders, the free tier provides sufficient information to avoid obvious scam tokens.

Can a token pass RugCheck and still be a scam?

Yes. Automated tools check for known patterns, but sophisticated scammers constantly develop new techniques. A token may pass automated checks but still be a scam through social manipulation, pump-and-dump schemes without contract exploits, or novel contract mechanisms not yet in the scanner's database. Always combine automated tools with manual research.

Should I check RugCheck before every token purchase?

Yes, especially for new or low-cap tokens on decentralized exchanges. It takes only seconds and can prevent catastrophic losses. For established tokens listed on major exchanges with long track records, the risk of a contract-level rug pull is minimal, but checking never hurts.

Ready to put your knowledge into practice?

Start Boosting