Verify every token before you buy Unlimited checks · $3.99/wk · Cancel anytime
Get Unlimited
Swap on Verixia
[ on-chain  ·  solana + evm ]

Token Risk Check

Paste any contract address for an instant on-chain risk assessment -- honeypot detection, liquidity analysis, holder concentration, and contract permissions.

Read the contract before the contract reads you. Honeypot, rug, and scam detection from on-chain state — not market data.

⚠️ Token Risk Check
✓ On-Chain Analysis
🔒 No Signup
⚡ Results in Seconds
🔍 Honeypot detection
💧 LP lock status
👥 Holder concentration
⚡ Solana + EVM
4.8 / 5 from 3,206 users Direct on-chain reads 🔐 Non-custodial — no wallet connect required Sub-5-second scan 🔗 Solana · Ethereum · Base · Arbitrum · BNB · Polygon · Avalanche 📊 48,173 risk checks run
Contract Scanner
Live
🔍 On-chain read ⚡ Seconds ✓ No signup
>_
Enter the full token contract address for the most accurate on-chain analysis
No address? Try a popular check:
1 free check · Unlimited from $3.99/wk
No signup required · Results in seconds
Unlimited checks from $3.99 / week · Cancel anytime
Use the same email entered during checkout to restore access
Unlimited token checks active

Unlimited Token Risk Checks

Verify every contract before buying. Honeypot detection, LP lock analysis, and holder concentration reviews across Solana and EVM.
$5.6BFBI crypto losses 2023
$1B+FTC losses 2023
<5sper contract scan
Best Value -- Save 80%
Yearly Access
$39.99 / yr  ·  $3.33/mo
Popular
Monthly Access
$11.99 / month
Try it -- no commitment
Weekly Access
$3.99 / week · cancel anytime
SSL Secured Stripe Cancel anytime No hidden fees
No contracts. Cancel anytime from your account.
SOL ETH BASE ARB BNB POLY AVAX
Powered by Verixia
Live Detections
127 scans today
49K+Scans Run
6Chains
15+Risk Signals
FreeFirst Check
What the checker detects
Example signals · run a scan to see live results
⚠️Sell TaxDETECTED
💧LP LockUNLOCKED
🔑Mint AuthorityACTIVE
OwnershipRENOUNCED
🐋Whale Wallet42%
📅Token Age3 DAYS
🚨Approval RiskHIGH
CooldownACTIVE
🔄Last Update48H AGO
📉Liquidity 24h-12%
🚫Transfer LockENCODED
Freeze AuthENABLED
📋ContractVERIFIED
💰LP Depth$48K
🔗Blacklist FnPRESENT
paste a contract address above to run a live scan
🔍
Honeypot Detection
Simulates sell transactions to detect transfer locks, fee traps, and whitelist-only exit conditions before you buy in. Reads the contract directly — not market data. Works across Solana SPL tokens and all major EVM chains.
💧
Liquidity & Holders
Reviews pool depth, LP lock status, and top wallet percentages. Surfaces unlocked pools and concentrated wallets before the price collapses.
Results in Seconds
On-chain read — no API delays, no market data lag. Raw contract analysis returned in under 5 seconds.
Token verified? Swap at best price.
Route across Raydium, Orca, Meteora & 50+ DEXes — non-custodial, no KYC
Swap on Verixia →
SOL ETH BASE ARB BNB AVAX Powered by Verixia

Token Risk Analysis -- Contract, Liquidity & Holders

🔗 TL;DR

A token's risk lives in three places: contract permissions (can the dev mint, freeze, or block sells?), liquidity structure (is the LP locked and deep enough to exit?), and holder distribution (can a handful of wallets dump the entire float?). The checker above reads all three directly on-chain in under five seconds.

Scan time< 5 sec
Signals checked15+
Cost (first check)Free

The structural pattern central to pumpfun migration risk revolves around the transfer or replication of user assets and permissions from one environment to another. This process is often presented under the guise of an upgrade or migration event, which can sometimes appear as routine contract upgrades or network transitions ostensibly designed to improve functionality, scalability, or security. Yet, beneath this veneer of legitimacy lies a critical vulnerability: the migration process may require users to interact with new contracts or provide sensitive information that grants different, and potentially malicious, control mechanisms. The inherent assumption that migration is inherently safe or benign can be misleading. In reality, such migrations can enable unauthorized access to assets or even facilitate their extraction if the underlying permissions or cryptographic keys are compromised during the process.

At the core of this risk pattern is the handling of private keys or recovery phrases. Private keys represent the ultimate authority over any wallet or contract address, and their compromise essentially hands full control to the actor possessing them. Migration events that prompt users to enter recovery phrases or sign transactions granting new contracts extensive permissions dramatically increase the attack surface. This mechanism is straightforward yet potent: possession of a private key or recovery phrase allows an actor to execute any transaction, including draining assets, changing contract logic, or revoking user permissions. Importantly, the risk here is not mitigated by the migration’s stated purpose, nor by a polished user interface that may suggest legitimacy. The cryptographic control vested in private keys remains absolute and cannot be overridden by superficial assurances.

Transaction fee structures and contract mutability further interact to influence the risk profile of pumpfun migrations. On low-fee networks, migrations can be exploited through spam transactions or rapid, repeated operations that are economically infeasible on higher-cost chains. This low-cost environment can enable attackers to execute multiple unauthorized transactions or probe contract vulnerabilities with minimal expenditure. Conversely, high-fee networks may deter such exploit attempts economically but do not eliminate the risk entirely if the contract architecture allows for upgradeable proxies or owner-controlled changes after migration. For instance, contracts designed with mutable logic or upgradeability features can permit owners to introduce malicious code or revoke user permissions at will post-migration. This creates a tension: while low transaction fees facilitate exploit attempts, mutable contract design on any chain can open avenues for control hijacking. Immutable contracts deployed on higher-fee chains might reduce attack vectors but still require thorough vetting of the migration logic and permissions granted to new contract operators.

Beyond the technical mechanisms, pumpfun migration risk encapsulates a broader challenge of trust and control transfer within decentralized ecosystems. Migration events inherently involve a shift in operational authority, whether moving assets between smart contracts, migrating liquidity pools, or transitioning user permissions from one protocol version to another. When migrations are conducted transparently, with safeguards such as immutable contracts, multisignature wallets, or time-locked permissions that prevent unilateral changes, the risk is reduced. In such cases, users are not required to expose sensitive credentials or sign transactions that grant unchecked authority to new contracts. However, when migration processes solicit private keys or recovery phrases directly, or enable owner-modifiable permissions without robust safeguards, the probability of asset loss or control hijacking becomes substantially higher. This duality—the potential for both legitimate protocol evolution and malicious compromise—underscores the importance of contextual analysis rather than blanket assumptions about migration safety.

An additional dimension worth considering is the behavioral and social engineering aspects intertwined with pumpfun migration risk. Attackers often exploit the sense of urgency or FOMO (fear of missing out) that can accompany migration announcements, pressuring users to act quickly without fully scrutinizing the security implications. The migration process may be framed as a critical upgrade necessary to avoid service disruption or to access new features, which can sometimes lead users to lower their guard and comply with requests for sensitive information. This behavioral pattern compounds the technical vulnerabilities, as the migration interface or communication channels may be designed to appear official while directing users to malicious contracts or phishing sites. While the pattern of migration itself does not confirm malicious intent, the context in which permissions are granted and credentials exposed can be telling indicators of potential compromise.

Finally, the ecosystem context—such as the liquidity pool size, market capitalization, and trading volume associated with tokens undergoing migration—can sometimes provide ancillary signals about risk. Tokens with thin liquidity pools relative to market cap or low trading volume may be more susceptible to manipulation during migration events, as attackers can more easily influence prices or execute exit scams. Similarly, newly launched pairs with short pair ages might lack the historical validation of contract integrity or community trust, making migration events more precarious. However, these factors alone do not confirm malicious intent in migration but should be considered alongside contract permissions, key management practices, and user interaction requirements when assessing pumpfun migration risk.

In sum, the risk associated with pumpfun migration is deeply rooted in the transfer and control of cryptographic keys and contract permissions during migration events. While migrations can sometimes be necessary and beneficial protocol evolutions, they also open avenues for unauthorized asset access if handled without stringent security measures. Recognizing the complex interplay of technical, behavioral, and ecosystem factors is essential to understanding when migrations signal genuine progress and when they might mask potential compromise.

Pre-buy on-chain checklist

  • Mint authority renouncedConfirms supply is capped — no new tokens can be issued post-launch.
  • LP locked or burnedLiquidity cannot be removed in a single transaction. Lock duration and locker contract are both verifiable on-chain.
  • !Top 10 holders under 40%Lower concentration means coordinated dumps are mechanically harder. Above 40% is a structural caution.
  • !No active freeze authorityActive freeze means wallets can be paused at the contract level — no exit possible during a freeze.
  • ×No transfer restrictionsThe transfer function should accept any holder selling. Encoded sell blocks, whitelist exits, and hidden tax functions are honeypot signatures.

Frequently asked questions

Related Risk Guides

Verify the contract address before you buy in. Paste it into the scanner above for the full on-chain breakdown.

Why on-chain signals matter

🔒
Non-custodial Your wallet keys never leave your device. Funds move directly between wallets through the smart contract — Verixia holds nothing.
No account required No sign-up, no KYC, no email. Connect your wallet and swap. Disconnect at any time — no ongoing permissions required.
Solana + EVM Checks SPL tokens and EVM contracts across Ethereum, Base, Arbitrum, BNB Chain, Polygon, and Avalanche.
VR
Verixia Research
On-chain Solana DeFi analysis
Verixia Research analyzes Solana DeFi mechanics, token risk patterns, and DEX aggregator routing using verified market data from DexScreener combined with structural pattern analysis. All ratings derive from observable on-chain signals, not editorial opinion.
📖 How we analyze 👤 About 🔗 Sources: DexScreener market data, structural pattern analysis
⚙ Methodology
Every risk verdict is generated from three on-chain reads run in parallel: (1) direct contract bytecode analysis for honeypot patterns, mint/freeze authority, and blacklist functions; (2) liquidity pool inspection for LP lock status, depth, and removable percentage; (3) holder distribution from token-account snapshots. No editorial opinion is layered on the output. Read the full methodology →