Verify every token before you buy Unlimited checks · $3.99/wk · Cancel anytime
Get Unlimited
Swap on Verixia
[ on-chain  ·  solana + evm ]

Token Risk Check

Paste any contract address for an instant on-chain risk assessment -- honeypot detection, liquidity analysis, holder concentration, and contract permissions.

Read the contract before the contract reads you. Honeypot, rug, and scam detection from on-chain state — not market data.

⚠️ Token Risk Check
✓ On-Chain Analysis
🔒 No Signup
⚡ Results in Seconds
🔍 Honeypot detection
💧 LP lock status
👥 Holder concentration
⚡ Solana + EVM
4.9 / 5 from 2,732 users Direct on-chain reads 🔐 Non-custodial — no wallet connect required Sub-5-second scan 🔗 Solana · Ethereum · Base · Arbitrum · BNB · Polygon · Avalanche 📊 74,481 risk checks run
Contract Scanner
Live
🔍 On-chain read ⚡ Seconds ✓ No signup
>_
Enter the full token contract address for the most accurate on-chain analysis
No address? Try a popular check:
1 free check · Unlimited from $3.99/wk
No signup required · Results in seconds
Unlimited checks from $3.99 / week · Cancel anytime
Use the same email entered during checkout to restore access
Unlimited token checks active

Unlimited Token Risk Checks

Verify every contract before buying. Honeypot detection, LP lock analysis, and holder concentration reviews across Solana and EVM.
$5.6BFBI crypto losses 2023
$1B+FTC losses 2023
<5sper contract scan
Best Value -- Save 80%
Yearly Access
$39.99 / yr  ·  $3.33/mo
Popular
Monthly Access
$11.99 / month
Try it -- no commitment
Weekly Access
$3.99 / week · cancel anytime
SSL Secured Stripe Cancel anytime No hidden fees
No contracts. Cancel anytime from your account.
SOL ETH BASE ARB BNB POLY AVAX
Powered by Verixia
Live Detections
127 scans today
49K+Scans Run
6Chains
15+Risk Signals
FreeFirst Check
What the checker detects
Example signals · run a scan to see live results
⚠️Sell TaxDETECTED
💧LP LockUNLOCKED
🔑Mint AuthorityACTIVE
OwnershipRENOUNCED
🐋Whale Wallet42%
📅Token Age3 DAYS
🚨Approval RiskHIGH
CooldownACTIVE
🔄Last Update48H AGO
📉Liquidity 24h-12%
🚫Transfer LockENCODED
Freeze AuthENABLED
📋ContractVERIFIED
💰LP Depth$48K
🔗Blacklist FnPRESENT
paste a contract address above to run a live scan
🔍
Honeypot Detection
Simulates sell transactions to detect transfer locks, fee traps, and whitelist-only exit conditions before you buy in. Reads the contract directly — not market data. Works across Solana SPL tokens and all major EVM chains.
💧
Liquidity & Holders
Reviews pool depth, LP lock status, and top wallet percentages. Surfaces unlocked pools and concentrated wallets before the price collapses.
Results in Seconds
On-chain read — no API delays, no market data lag. Raw contract analysis returned in under 5 seconds.
Token verified? Swap at best price.
Route across Raydium, Orca, Meteora & 50+ DEXes — non-custodial, no KYC
Swap on Verixia →
SOL ETH BASE ARB BNB AVAX Powered by Verixia

Token Risk Analysis -- Contract, Liquidity & Holders

🔗 TL;DR

A token's risk lives in three places: contract permissions (can the dev mint, freeze, or block sells?), liquidity structure (is the LP locked and deep enough to exit?), and holder distribution (can a handful of wallets dump the entire float?). The checker above reads all three directly on-chain in under five seconds.

Scan time< 5 sec
Signals checked15+
Cost (first check)Free

At the core of crypto exploit intelligence lies the nuanced interplay between smart contract immutability and mutability, particularly as manifested through proxy upgrade mechanisms. On initial inspection, a deployed smart contract might appear immutable, suggesting a stable, predictable, and unchanging codebase that users and investors can trust. This perceived immutability is a cornerstone of blockchain’s appeal—once code is deployed, it cannot be altered, theoretically preventing tampering or unexpected changes. However, many contracts utilize proxy upgrade patterns that introduce a layer of mutability beneath the surface. This architectural choice enables the contract’s logic to be swapped or modified post-deployment, effectively creating a contract that can evolve over time. This dual existence—of apparent immutability overlaying actual mutability—complicates risk assessment and is pivotal in crypto exploit intelligence.

The proxy upgrade pattern typically entails a minimal proxy contract that holds the state and delegates function calls to an implementation contract where the logic resides. When an upgrade occurs, the proxy’s reference to the implementation contract is changed to point to new code. This modularity allows developers to patch bugs, add features, or adapt to new market conditions without redeploying a new contract and migrating assets. While this flexibility is advantageous, it expands the attack surface significantly. The upgrade mechanism often sits outside the scope of initial audits or is reviewed with less rigor, creating latent vulnerabilities. Attackers can exploit these overlooked pathways long after the contract’s initial launch, injecting malicious logic or altering tokenomics in ways that may not immediately trigger alarms.

Among the structural elements within this pattern, control over the upgrade mechanism carries outsized analytical weight. The authority to modify the implementation contract usually rests with a specific admin or owner address, sometimes a multisignature wallet, or a decentralized governance contract. Whoever controls this upgrade key wields the power to change contract behavior and asset flows at will. This control can be centralized—concentrated in a single private key—or distributed among multiple parties. The security and governance of the upgrade authority are paramount in determining exploit potential. If the upgrade key is compromised, whether through private key theft, social engineering, or collusion, an attacker gains near-total control over the contract’s functionality. This can enable stealthy fund drains, sudden changes in token rules, or the introduction of honeypot-like mechanics that trap unwitting users.

It is crucial to emphasize that the presence of proxy upgradeability alone does not inherently signal risk. Instead, the governance model and operational security around the upgrade authority dictate the level of threat. Contracts with transparent, well-documented upgrade procedures, secured by robust multisig wallets requiring multiple independent signers, and accompanied by ongoing external audits, demonstrate a lower exploit risk. In contrast, opaque upgrade governance—where the admin key is held by a single entity, or where upgrade events are not publicly disclosed—can enable stealthy, post-launch exploits. This opacity can sometimes mask the true intentions behind contract mutability, complicating efforts to distinguish between legitimate upgrades and malicious interventions.

Transaction fee structures and multisignature wallet configurations further modulate exploit risk in the context of upgradeable contracts. On networks with high transaction fees, the economic barrier discourages frequent, low-value transactions, thereby limiting the feasibility of rapid, iterative exploit attempts or spam attacks aimed at probing contract vulnerabilities. Conversely, low-fee chains enable attackers to conduct repeated interactions at minimal cost, facilitating extensive reconnaissance and trial-and-error exploits. Multisig wallets, which require multiple keys to approve sensitive actions such as upgrades, introduce an operational security layer that mitigates the risk of a single compromised key. However, multisigs also introduce procedural complexity, potentially slowing response times in urgent situations and creating vulnerabilities if collusion occurs among signers. On low-fee chains, the risk of social engineering or insider collusion to compromise multisig-controlled upgrade keys is elevated, whereas high-fee networks benefit from natural economic deterrents against repeated abuse.

From an exploit intelligence perspective, proxy upgrade patterns embody a classic double-edged sword. They offer genuine benefits, allowing developers to respond swiftly to bugs or market changes, thereby extending the contract’s useful lifespan. However, this flexibility inherently expands the attack surface beyond what initial code reviews might cover. The upgrade mechanism is a critical vector that requires continuous monitoring, transparency, and robust governance to mitigate exploit risk. Patterns where upgrade authority is centralized, opaque, or otherwise poorly managed signal caution, as they create latent vulnerabilities that can be exploited months or even years after initial deployment. Conversely, proxy upgrades governed through decentralized or multisignature frameworks, with transparent procedures and ongoing scrutiny, tend to represent a more defensible risk posture.

It is important to acknowledge that observing proxy upgradeability or certain patterns of upgrade governance does not by itself confirm malicious intent or an imminent exploit. These structural features simply create conditions that can be leveraged for both legitimate improvements and potential attacks. Thus, crypto exploit intelligence must continuously contextualize these patterns, assessing governance quality, transparency, and operational security alongside broader ecosystem factors. This holistic approach allows analysts to distinguish between benign upgradeability and configurations that warrant heightened vigilance.

Pre-buy on-chain checklist

  • Mint authority renouncedConfirms supply is capped — no new tokens can be issued post-launch.
  • LP locked or burnedLiquidity cannot be removed in a single transaction. Lock duration and locker contract are both verifiable on-chain.
  • !Top 10 holders under 40%Lower concentration means coordinated dumps are mechanically harder. Above 40% is a structural caution.
  • !No active freeze authorityActive freeze means wallets can be paused at the contract level — no exit possible during a freeze.
  • ×No transfer restrictionsThe transfer function should accept any holder selling. Encoded sell blocks, whitelist exits, and hidden tax functions are honeypot signatures.

Frequently asked questions

Related Risk Guides

Verify the contract address before you buy in. Paste it into the scanner above for the full on-chain breakdown.

Why on-chain signals matter

🔒
Non-custodial Your wallet keys never leave your device. Funds move directly between wallets through the smart contract — Verixia holds nothing.
No account required No sign-up, no KYC, no email. Connect your wallet and swap. Disconnect at any time — no ongoing permissions required.
Solana + EVM Checks SPL tokens and EVM contracts across Ethereum, Base, Arbitrum, BNB Chain, Polygon, and Avalanche.
VR
Verixia Research
On-chain Solana DeFi analysis
Verixia Research analyzes Solana DeFi mechanics, token risk patterns, and DEX aggregator routing using verified market data from DexScreener combined with structural pattern analysis. All ratings derive from observable on-chain signals, not editorial opinion.
📖 How we analyze 👤 About 🔗 Sources: DexScreener market data, structural pattern analysis
⚙ Methodology
Every risk verdict is generated from three on-chain reads run in parallel: (1) direct contract bytecode analysis for honeypot patterns, mint/freeze authority, and blacklist functions; (2) liquidity pool inspection for LP lock status, depth, and removable percentage; (3) holder distribution from token-account snapshots. No editorial opinion is layered on the output. Read the full methodology →