There is a public function that changes the token's total supply. Attackers have used hidden mint logic to generate massive numbers of tokens, instantly diluting holders and dumping into liquidity pools.

Owner-only functions grant privileged control of the token contract — minting, pausing, changing fees, or upgrading code. Many rug-pull tokens retained critical owner privileges that allowed developers to change rules at will. Even "renounced" ownership can hide backdoors through proxy contracts.

The contract's owner address reveals who controls privileged functions. If ownership is retained, the deployer can still pause trading, mint new tokens, or alter fees. Tracking the owner's wallet can reveal disproportionate supply holdings or links to other scams.

A list of function selectors that modify the token's balance storage slot. Expected selectors are transfer and transferFrom; additional selectors may indicate hidden mint/burn or fee-skimming logic.

A list of function selectors that modify the token's allowance storage slot. Expected selectors include approve, transferFrom, increaseAllowance, and decreaseAllowance; unexpected selectors may indicate allowance manipulation.

The selfdestruct opcode permanently deletes a contract from the blockchain, making its tokens unusable. Malicious developers have used this as a "kill switch," deleting the token contract once they've drained enough liquidity.

Timebomb logic enables malicious features only after a specific timestamp or condition. A token may appear safe at launch but automatically enable a 100% sell fee after 24 hours. This delayed rug-pull tactic bypasses early detection and lures more victims before the trap springs.

Pause functions let an admin halt all token transfers. In scam contracts they are frequently abused to freeze everyone's tokens while developers exit liquidity.

If pause status is modifiable, developers can arbitrarily freeze and unfreeze the market. Trading seems normal at first, then suddenly stops when liquidity is at its peak. Victims are frozen while insiders dump.

In ERC-20 standards, view functions should only read data, never write to storage. If a function that appears read-only instead alters contract state, it signals deception. Malicious actors may disguise state-changing logic inside what looks like a harmless getter.

The transfer function's execution depends on a storage variable (e.g., a flag or mapping check). This signals that transfers can be conditionally blocked by the contract owner or via some internal logic.

The transferFrom function's execution depends on a storage variable. Indicates that delegated transfers can be conditionally blocked.

A trading cooldown enforces a mandatory delay between transfers. Often marketed as "anti-bot," in scams it traps victims — preventing them from selling while insiders exit.

A trading cap limits how many tokens can be transferred in a single transaction. Scammers abuse them to block regular selling. Contracts have been found with transfer amounts set so low that no investor could meaningfully exit — a honeypot effect.

A modifiable trading cap means the maximum transfer amount can be changed after deployment. Developers may begin with normal parameters, then suddenly reduce the cap to trap sellers once trading volume grows.

Position caps limit how many tokens a single wallet can hold. Scammers weaponize this to block consolidation or normal transfers. Caps can make transactions fail unexpectedly and trap users in illiquid positions.

A changeable position cap is especially dangerous. Developers can reduce the cap to one token per wallet, effectively locking everyone out of trading except insiders — hidden rug-pull mechanics waiting to be triggered.

Blacklist and whitelist logic allows developers to control which addresses can trade. Scams often block victims from selling while letting insiders move freely. Some honeypots auto-blacklist every buyer as soon as they purchase.

Tax functions deduct fees on each transfer, often sent to a treasury or burned. Scammers exploit this by coding hidden or extreme fees. A common honeypot trick is setting sell taxes to 100%, leaving sellers with nothing.

When taxes can be updated, developers can start with a 1% fee and later raise it to 100%, stealing all proceeds from sells. Transparent tokens hard-code tax rates or bind them to community governance.

send_tax is the percentage loss from the sender's balance. receive_tax is the percentage the recipient didn't receive. All values are expressed as percentages. Measured via onchain simulation.

A test transfer was simulated onchain. If false, the transfer failed — the token may block transfers entirely (potential honeypot).

If a token's code is unverified, users cannot inspect its behavior — preventing detection of hidden backdoors like mint, blacklist, or trap logic. Verified source doesn't guarantee safety, but it allows audits and community review.

For proxy contracts: indicates whether the implementation contract's source code is verified. Only relevant when is_proxy is true. null for non-proxy contracts.

Proxy contracts separate logic from storage, allowing upgrades. Developers can launch with benign code, then upgrade to malicious logic once funds accumulate. Unless proxy upgrades are governed transparently, they give developers unchecked power to change rules.

External calls allow the token to interact with unknown contracts, opening the door to reentrancy and dependency risks. Malicious developers may route value through hidden external calls to siphon funds.

Simulated swaps test whether tokens can really be traded. Many honeypots let users buy but block sells, trapping funds. Simulation also checks liquidity depth — abandoned or fake pools may have no usable reserves.

Liquidity determines whether tokens can be sold at a fair price. If no pool holds more than a minimal amount, the market is fake. Rug pulls typically involve draining liquidity pools, leaving tokens unsellable.

The token is in at least one DEX. Absence from any exchange is a strong signal that the token cannot be traded.

Returns true if the token cannot be bought through any of the listed pools or if all pools are too illiquid (less than $100).

Detects tokens launched via bonding curve platforms. Currently supports four.meme and flap.sh on BSC. Graduated tokens are still identified via address pattern matching.