Verify every token before you buy Unlimited checks · $3.99/wk · Cancel anytime
Get Unlimited
Swap on Verixia
[ on-chain  ·  solana + evm ]

Token Risk Check

Paste any contract address for an instant on-chain risk assessment -- honeypot detection, liquidity analysis, holder concentration, and contract permissions.

Read the contract before the contract reads you. Honeypot, rug, and scam detection from on-chain state — not market data.

⚠️ Token Risk Check
✓ On-Chain Analysis
🔒 No Signup
⚡ Results in Seconds
🔍 Honeypot detection
💧 LP lock status
👥 Holder concentration
⚡ Solana + EVM
4.6 / 5 from 2,252 users Direct on-chain reads 🔐 Non-custodial — no wallet connect required Sub-5-second scan 🔗 Solana · Ethereum · Base · Arbitrum · BNB · Polygon · Avalanche 📊 42,596 risk checks run
Contract Scanner
Live
🔍 On-chain read ⚡ Seconds ✓ No signup
>_
Enter the full token contract address for the most accurate on-chain analysis
No address? Try a popular check:
1 free check · Unlimited from $3.99/wk
No signup required · Results in seconds
Unlimited checks from $3.99 / week · Cancel anytime
Use the same email entered during checkout to restore access
Unlimited token checks active

Unlimited Token Risk Checks

Verify every contract before buying. Honeypot detection, LP lock analysis, and holder concentration reviews across Solana and EVM.
$5.6BFBI crypto losses 2023
$1B+FTC losses 2023
<5sper contract scan
Best Value -- Save 80%
Yearly Access
$39.99 / yr  ·  $3.33/mo
Popular
Monthly Access
$11.99 / month
Try it -- no commitment
Weekly Access
$3.99 / week · cancel anytime
SSL Secured Stripe Cancel anytime No hidden fees
No contracts. Cancel anytime from your account.
SOL ETH BASE ARB BNB POLY AVAX
Powered by Verixia
Live Detections
127 scans today
49K+Scans Run
6Chains
15+Risk Signals
FreeFirst Check
What the checker detects
Example signals · run a scan to see live results
⚠️Sell TaxDETECTED
💧LP LockUNLOCKED
🔑Mint AuthorityACTIVE
OwnershipRENOUNCED
🐋Whale Wallet42%
📅Token Age3 DAYS
🚨Approval RiskHIGH
CooldownACTIVE
🔄Last Update48H AGO
📉Liquidity 24h-12%
🚫Transfer LockENCODED
Freeze AuthENABLED
📋ContractVERIFIED
💰LP Depth$48K
🔗Blacklist FnPRESENT
paste a contract address above to run a live scan
🔍
Honeypot Detection
Simulates sell transactions to detect transfer locks, fee traps, and whitelist-only exit conditions before you buy in. Reads the contract directly — not market data. Works across Solana SPL tokens and all major EVM chains.
💧
Liquidity & Holders
Reviews pool depth, LP lock status, and top wallet percentages. Surfaces unlocked pools and concentrated wallets before the price collapses.
Results in Seconds
On-chain read — no API delays, no market data lag. Raw contract analysis returned in under 5 seconds.
Token verified? Swap at best price.
Route across Raydium, Orca, Meteora & 50+ DEXes — non-custodial, no KYC
Swap on Verixia →
SOL ETH BASE ARB BNB AVAX Powered by Verixia

Token Risk Analysis -- Contract, Liquidity & Holders

🔗 TL;DR

A token's risk lives in three places: contract permissions (can the dev mint, freeze, or block sells?), liquidity structure (is the LP locked and deep enough to exit?), and holder distribution (can a handful of wallets dump the entire float?). The checker above reads all three directly on-chain in under five seconds.

Scan time< 5 sec
Signals checked15+
Cost (first check)Free

At the core of the "update authority check" pattern lies a foundational mechanism that governs who holds the power to modify key contract parameters or logic after the initial deployment. On the surface, this role of update authority may appear as a straightforward administrative function, intended to facilitate routine maintenance, feature enhancements, or necessary upgrades. This perspective aligns with the practical need for adaptability in fast-evolving environments such as decentralized finance or blockchain gaming. Yet, beneath this seemingly benign administrative role is a profound tension between flexibility and control. The update authority can grant significant power shifts that extend well beyond incremental improvements, including the ability to alter tokenomics, freeze token transfers, or redirect funds—actions that can fundamentally change the contract’s behavior and value proposition. The mere presence of an update authority introduces a layer of mutability that can be exploited, even if the contract initially appears secure and the deployment code is audited.

One must appreciate that the distinction between a fixed, immutable contract and one that incorporates an update authority is not merely technical but reflects differing trust assumptions. A fixed contract relies on the finality of code and immutability as its security backbone, offering a predictable and transparent user experience. Conversely, a contract with an update authority inherently requires trust in the entity controlling this role since it can modify or override critical logic post-deployment. This introduces a potential attack surface that is often underestimated. The update authority check itself acts as a gatekeeper, selectively authorizing privileged functions that can have sweeping consequences. Such privileges might include upgrading smart contract implementations, adjusting fee structures, or even blacklisting addresses. While this mutability can be a powerful tool for governance or compliance, it can also enable malicious or self-serving behavior if controls over the authority are lax or compromised.

Arguably, the most analytically significant factor in this pattern is the control over the private key or keys associated with the update authority. Private keys are the linchpin of blockchain security, granting the holder unmediated power to execute sensitive contract operations. Whoever has access to the update authority’s private keys effectively controls the contract’s future state. This means that despite thorough security audits and rigorous code reviews at launch, the update authority can push changes that may undermine previously established guarantees. The risk thus shifts from the contract’s codebase to the operational security of key management. In scenarios where the update authority’s private key is lost, stolen, or held by a malicious party, the contract’s integrity can be rapidly and irreversibly compromised. This underscores that the update authority check is not just a technical feature but also an operational security concern that requires ongoing vigilance.

An important dimension to this analysis involves the interplay between contract mutability design and the architecture of update authority control. Contracts employing proxy upgrade patterns are explicitly designed for mutability, separating storage and logic so that the logic can be updated without redeploying the entire contract. When such mutability is paired with a multisignature (multisig) wallet controlling the update authority, the risk of a single point of failure is mitigated. Multisig wallets require multiple private keys to authorize a transaction, thus distributing trust among several independent actors and reducing the likelihood of unilateral malicious changes. This setup introduces operational complexity but enhances security by making collusion or key compromise more difficult. On the other hand, a mutable contract governed by a single-key update authority concentrates risk significantly. In this scenario, if that single key is compromised—whether through phishing, insider threat, or poor key management—the attacker gains full control over contract upgrades. This stark contrast highlights how the interaction between mutability and key management architecture shapes the security profile and risk exposure of the contract.

Moreover, the presence of an update authority check signals an inherent trade-off between adaptability and trust. While this pattern can enable legitimate and necessary contract upgrades, such as patching bugs, upgrading features, or conforming to regulatory requirements, it simultaneously opens potential avenues for abuse. If governance controls are weak, keys are poorly secured, or transparency is lacking, the update authority can be weaponized to enact harmful changes without community consent. Importantly, the mere existence of an update authority does not inherently confirm malicious intent or risk. Numerous projects deploy this pattern transparently, coupled with robust governance frameworks and community oversight, thus balancing flexibility with security. However, thorough scrutiny is warranted to understand who holds update power, the mechanisms that secure this power, and whether the community or users have meaningful recourse in the event of malicious or accidental updates.

This nuanced understanding prevents blanket assumptions about contracts with update authorities. Instead, it encourages a layered assessment of contract governance structures, operational security, and transparency. Recognizing that the update authority check is both a technical and governance feature helps analysts and participants weigh the benefits of contract mutability against the risks introduced by centralized control points. This balance is especially critical in ecosystems where the median pool depth, market cap, and trading volume suggest significant liquidity and stakeholder interest, magnifying the potential impact of any update authority misuse. Ultimately, "update authority check" is a pattern that embodies the ongoing tension in decentralized systems between code immutability and the practical need for adaptability, trust, and risk management.

Pre-buy on-chain checklist

  • Mint authority renouncedConfirms supply is capped — no new tokens can be issued post-launch.
  • LP locked or burnedLiquidity cannot be removed in a single transaction. Lock duration and locker contract are both verifiable on-chain.
  • !Top 10 holders under 40%Lower concentration means coordinated dumps are mechanically harder. Above 40% is a structural caution.
  • !No active freeze authorityActive freeze means wallets can be paused at the contract level — no exit possible during a freeze.
  • ×No transfer restrictionsThe transfer function should accept any holder selling. Encoded sell blocks, whitelist exits, and hidden tax functions are honeypot signatures.

Frequently asked questions

Related Risk Guides

Verify the contract address before you buy in. Paste it into the scanner above for the full on-chain breakdown.

Why on-chain signals matter

🔒
Non-custodial Your wallet keys never leave your device. Funds move directly between wallets through the smart contract — Verixia holds nothing.
No account required No sign-up, no KYC, no email. Connect your wallet and swap. Disconnect at any time — no ongoing permissions required.
Solana + EVM Checks SPL tokens and EVM contracts across Ethereum, Base, Arbitrum, BNB Chain, Polygon, and Avalanche.
VR
Verixia Research
On-chain Solana DeFi analysis
Verixia Research analyzes Solana DeFi mechanics, token risk patterns, and DEX aggregator routing using verified market data from DexScreener combined with structural pattern analysis. All ratings derive from observable on-chain signals, not editorial opinion.
📖 How we analyze 👤 About 🔗 Sources: DexScreener market data, structural pattern analysis
⚙ Methodology
Every risk verdict is generated from three on-chain reads run in parallel: (1) direct contract bytecode analysis for honeypot patterns, mint/freeze authority, and blacklist functions; (2) liquidity pool inspection for LP lock status, depth, and removable percentage; (3) holder distribution from token-account snapshots. No editorial opinion is layered on the output. Read the full methodology →