Verify every token before you buy Unlimited checks · $3.99/wk · Cancel anytime
Get Unlimited
Swap on Verixia
[ on-chain  ·  solana + evm ]

Token Risk Check

Paste any contract address for an instant on-chain risk assessment -- honeypot detection, liquidity analysis, holder concentration, and contract permissions.

Read the contract before the contract reads you. Honeypot, rug, and scam detection from on-chain state — not market data.

⚠️ Token Risk Check
✓ On-Chain Analysis
🔒 No Signup
⚡ Results in Seconds
🔍 Honeypot detection
💧 LP lock status
👥 Holder concentration
⚡ Solana + EVM
4.9 / 5 from 3,467 users Direct on-chain reads 🔐 Non-custodial — no wallet connect required Sub-5-second scan 🔗 Solana · Ethereum · Base · Arbitrum · BNB · Polygon · Avalanche 📊 76,480 risk checks run
Contract Scanner
Live
🔍 On-chain read ⚡ Seconds ✓ No signup
>_
Enter the full token contract address for the most accurate on-chain analysis
No address? Try a popular check:
1 free check · Unlimited from $3.99/wk
No signup required · Results in seconds
Unlimited checks from $3.99 / week · Cancel anytime
Use the same email entered during checkout to restore access
Unlimited token checks active

Unlimited Token Risk Checks

Verify every contract before buying. Honeypot detection, LP lock analysis, and holder concentration reviews across Solana and EVM.
$5.6BFBI crypto losses 2023
$1B+FTC losses 2023
<5sper contract scan
Best Value -- Save 80%
Yearly Access
$39.99 / yr  ·  $3.33/mo
Popular
Monthly Access
$11.99 / month
Try it -- no commitment
Weekly Access
$3.99 / week · cancel anytime
SSL Secured Stripe Cancel anytime No hidden fees
No contracts. Cancel anytime from your account.
SOL ETH BASE ARB BNB POLY AVAX
Powered by Verixia
Live Detections
127 scans today
49K+Scans Run
6Chains
15+Risk Signals
FreeFirst Check
What the checker detects
Example signals · run a scan to see live results
⚠️Sell TaxDETECTED
💧LP LockUNLOCKED
🔑Mint AuthorityACTIVE
OwnershipRENOUNCED
🐋Whale Wallet42%
📅Token Age3 DAYS
🚨Approval RiskHIGH
CooldownACTIVE
🔄Last Update48H AGO
📉Liquidity 24h-12%
🚫Transfer LockENCODED
Freeze AuthENABLED
📋ContractVERIFIED
💰LP Depth$48K
🔗Blacklist FnPRESENT
paste a contract address above to run a live scan
🔍
Honeypot Detection
Simulates sell transactions to detect transfer locks, fee traps, and whitelist-only exit conditions before you buy in. Reads the contract directly — not market data. Works across Solana SPL tokens and all major EVM chains.
💧
Liquidity & Holders
Reviews pool depth, LP lock status, and top wallet percentages. Surfaces unlocked pools and concentrated wallets before the price collapses.
Results in Seconds
On-chain read — no API delays, no market data lag. Raw contract analysis returned in under 5 seconds.
Token verified? Swap at best price.
Route across Raydium, Orca, Meteora & 50+ DEXes — non-custodial, no KYC
Swap on Verixia →
SOL ETH BASE ARB BNB AVAX Powered by Verixia

Token Risk Analysis -- Contract, Liquidity & Holders

🔗 TL;DR

A token's risk lives in three places: contract permissions (can the dev mint, freeze, or block sells?), liquidity structure (is the LP locked and deep enough to exit?), and holder distribution (can a handful of wallets dump the entire float?). The checker above reads all three directly on-chain in under five seconds.

Scan time< 5 sec
Signals checked15+
Cost (first check)Free

At the core of a Solana program audit lies the intricate balance between program immutability and upgradeability, a duality that shapes the foundational security profile of decentralized applications on this blockchain. Solana programs are, by design, generally immutable once deployed; the bytecode locked on-chain cannot be altered arbitrarily. This characteristic ostensibly offers a reassuring permanence, implying that the logic governing token transfers, staking, or other decentralized finance operations remains fixed and predictable. However, this surface-level immutability often conceals a more complex reality. Many Solana programs adopt proxy upgrade patterns that enable the logic to be updated by specific authorized parties, introducing a layer of controlled mutability that audits need to scrutinize carefully.

This dual structure—the apparent permanence of deployed code combined with an underlying capacity for change—creates a nuanced risk profile. Audits focusing exclusively on the deployed bytecode might overlook vulnerabilities introduced by the upgrade mechanism, which is typically managed outside the core logic and through separate administrative controls. These upgrade controls are not merely technical details; they represent critical governance components that can fundamentally alter a program’s behavior post-deployment. From an analytical standpoint, the key variable in this pattern is the identity, security posture, and governance of the upgrade authority. The private key associated with this upgrade authority effectively holds the power to rewrite the program’s code, potentially overriding earlier assurances obtained from the initial audit.

If this upgrade authority is compromised, either through poor key management or malicious intent, the implications are severe. The program’s logic can be modified to introduce malicious payloads, backdoors, or unauthorized asset transfers, regardless of whether the program passed an audit prior to deployment. In practice, the upgrade authority functions as a gatekeeper to mutability, and its security model directly influences the trustworthiness of the entire program. A single-signature key held by one party introduces a single point of failure, while a multisignature (multisig) governance approach distributes control and reduces risk. Yet, even multisig schemes are not foolproof and can sometimes introduce operational delays or complexity that affect governance agility.

Another layer of complexity emerges when considering Solana’s transaction fee structure and how it interacts with program governance. Solana’s relatively low transaction fees make frequent interactions with programs economically feasible, encouraging active use and iterative improvements. This can be advantageous for decentralized applications seeking to evolve rapidly or respond dynamically to market conditions. However, the same low fees can also increase exposure to spam or denial-of-service attacks if transactional throughput is not carefully managed at the protocol or program level. The presence of multisig wallets governing upgrade authorities or administrative functions can mitigate some risks by requiring multiple approvals for critical changes, but they also introduce a trade-off between security and responsiveness. This interplay shapes a complex operational risk environment that audits need to consider beyond static code reviews.

In practical auditing scenarios, the presence of upgradeable Solana programs audited without a comprehensive scope that includes upgrade mechanisms means residual risk persists even after a clean report. It is important to emphasize that this pattern does not by itself indicate malicious intent. Many projects adopt upgradeability to patch bugs, enhance functionality, or comply with evolving regulatory requirements, which can be viewed as prudent and responsible governance. The value of an audit in this context depends heavily on its scope. When an audit encompasses not only the deployed bytecode but also the upgrade logic, governance controls, and operational security of the upgrade authority, the risk of post-audit exploitation diminishes substantially.

Conversely, if upgrade mechanisms are opaque, centralized, or poorly documented, the audit’s assurances become incomplete. In such cases, the program remains vulnerable despite passing initial scrutiny, as the potential for post-audit modification is not adequately constrained or monitored. This scenario underscores the importance of transparency and robust governance frameworks, such as timelocks, multisig requirements, and public disclosure of upgrade authority holders, which can help align incentives and reduce the risk of unauthorized changes. Analyzing these governance patterns with the same rigor as code correctness is essential for a holistic understanding of program security on Solana.

Furthermore, the temporal aspect of upgradeability introduces additional considerations. Programs with recently established upgrade authorities or short histories of governance activity may carry higher uncertainty regarding future changes and their potential impact. In contrast, programs with long-standing, well-audited upgrade governance tend to inspire greater confidence, though they are not immune to emergent risks. The median pair age for top liquidity tokens on Solana, often under a month, suggests that many projects are relatively young, which can sometimes correlate with less mature governance practices and higher upgrade-related risks.

Ultimately, a thorough Solana program audit extends beyond verifying the immutability of deployed bytecode—it requires a deep dive into the governance and operational controls that enable upgradeability. The interplay of these structural elements defines a complex risk landscape where security assurances hinge not only on code correctness but also on the protection and transparency of upgrade authority management. This layered approach to risk assessment is critical to understanding and mitigating potential vulnerabilities inherent in the dynamic environment of Solana programs.

Pre-buy on-chain checklist

  • Mint authority renouncedConfirms supply is capped — no new tokens can be issued post-launch.
  • LP locked or burnedLiquidity cannot be removed in a single transaction. Lock duration and locker contract are both verifiable on-chain.
  • !Top 10 holders under 40%Lower concentration means coordinated dumps are mechanically harder. Above 40% is a structural caution.
  • !No active freeze authorityActive freeze means wallets can be paused at the contract level — no exit possible during a freeze.
  • ×No transfer restrictionsThe transfer function should accept any holder selling. Encoded sell blocks, whitelist exits, and hidden tax functions are honeypot signatures.

Frequently asked questions

Related Risk Guides

Verify the contract address before you buy in. Paste it into the scanner above for the full on-chain breakdown.

Why on-chain signals matter

🔒
Non-custodial Your wallet keys never leave your device. Funds move directly between wallets through the smart contract — Verixia holds nothing.
No account required No sign-up, no KYC, no email. Connect your wallet and swap. Disconnect at any time — no ongoing permissions required.
Solana + EVM Checks SPL tokens and EVM contracts across Ethereum, Base, Arbitrum, BNB Chain, Polygon, and Avalanche.
VR
Verixia Research
On-chain Solana DeFi analysis
Verixia Research analyzes Solana DeFi mechanics, token risk patterns, and DEX aggregator routing using verified market data from DexScreener combined with structural pattern analysis. All ratings derive from observable on-chain signals, not editorial opinion.
📖 How we analyze 👤 About 🔗 Sources: DexScreener market data, structural pattern analysis
⚙ Methodology
Every risk verdict is generated from three on-chain reads run in parallel: (1) direct contract bytecode analysis for honeypot patterns, mint/freeze authority, and blacklist functions; (2) liquidity pool inspection for LP lock status, depth, and removable percentage; (3) holder distribution from token-account snapshots. No editorial opinion is layered on the output. Read the full methodology →