Rugpull Scorer
Score any ERC-20 token contract from 0 (safe) to 100 (almost certainly a rug) in one API call. Detects honeypots, owner-power abuse, and known scam-deployer wallets across four EVM chains.
What it does
Paste a token contract address, get back:
- A 0–100 risk score
- A risk bucket (Safe / Low / Medium / High / Critical)
- Every triggered flag with an explanation and the evidence
- A verdict on whether the token is tradeable (not a honeypot)
The scorer combines static contract analysis, a simulated buy/sell, deployer-wallet reputation, and liquidity-pool checks. It does not predict future price — it answers "can this code take my money even if I do nothing wrong."
Using the web UI
Go to threatchain.io/rugpull-check, paste the token contract address, pick a chain, click Scan Contract. Results in 3–10 seconds.
The results page shows the score headline, list of triggered flags with plain-English explanations, a tradeability verdict, and a button to share the report.
Score methodology
The score is the sum of triggered-flag penalties, capped at 100. Each flag carries a point value reflecting how definitively it indicates a scam. Flags are grouped into four families — honeypot, owner-power, deployer, liquidity — and the score aggregates them with family-level caps so no single family can overwhelm the result.
| Family | Max contribution | Runs what |
|---|---|---|
| Honeypot | 50 | Simulated buy/sell on a forked node |
| Owner power | 40 | Static analysis of onlyOwner functions and pause logic |
| Deployer reputation | 30 | Cross-reference against ThreatChain's scam-deployer cluster DB |
| Liquidity | 25 | LP lock status, concentration, and age |
Risk buckets
| Score | Bucket | What to do |
|---|---|---|
| 0–14 | Safe | No rug indicators. Still do your own research on fundamentals and team. |
| 15–34 | Low risk | Minor flags — usually small owner-power items. OK for most traders with standard caution. |
| 35–59 | Medium | Owner holds real leverage (mint, pause, blacklist). Proceed with position-sizing caution. |
| 60–84 | High | Multiple rug indicators active. Most of these tokens drain within 30 days. |
| 85–100 | Critical | Confirmed honeypot or known rug-deployer. Do not buy. |
Flag reference
Full list of 27 flags across four families. Each flag shows its point value when triggered.
Honeypot flags
blacklist or equivalent function that can block specific addresses from selling.Owner-power flags
Deployer flags
Liquidity flags
API reference
curl "https://threatchain.io/rugpull/score?address=0xtokenaddr...&chain=ethereum"Response shape
{
"address": "0xtoken...",
"chain": "ethereum",
"name": "Example Token",
"symbol": "EXAMPLE",
"decimals": 18,
"score": 72,
"bucket": "high",
"tradeable": true,
"buy_tax": 5.0,
"sell_tax": 95.0,
"flags": [
{ "id": "HP-HIGH-SELL-TAX", "severity": "high", "points": 30, "evidence": "sell tax 95% observed in simulation" },
{ "id": "OW-SET-TAX-UNCAPPED", "severity": "high", "points": 25, "evidence": "setTax(uint256) has no maximum" },
{ "id": "DP-FRESH-WALLET", "severity": "medium", "points": 10, "evidence": "deployer funded 3h before deploy" }
],
"checked_at": "2026-04-20T16:18:00Z"
}Scores are cached for 30 minutes per (address, chain). Pass &refresh=true to force re-scoring (counts against your enrichment quota).
Chain coverage
- Ethereum —
ethereum(default) - Arbitrum One —
arbitrum - Base —
base - Polygon PoS —
polygon
BSC and BNB Chain are high on the roadmap — most rug-pulls happen there. Contact us if you need it urgently.
Integrations
Bookmarklet
Drag this link to your bookmarks bar, then click it on any etherscan/arbiscan/basescan token page to score it instantly:
javascript:(()=>{
const a = (location.pathname.match(/\/token\/(0x[a-fA-F0-9]{40})/)||[])[1];
if(!a) return alert("Open an etherscan /token/0x... page first");
const chain = location.host.includes("arbi")?"arbitrum":location.host.includes("base")?"base":location.host.includes("polygon")?"polygon":"ethereum";
window.open(`https://threatchain.io/rugpull-check?address=${a}&chain=${chain}`);
})();Telegram rug-check bot
import httpx, os
from telegram.ext import Application, MessageHandler, filters
async def handle(update, ctx):
txt = update.message.text.strip()
if not txt.startswith("0x"): return
r = httpx.get(f"https://threatchain.io/rugpull/score?address={txt}").json()
flags = "\n".join(f"• {f['id']} (+{f['points']})" for f in r.get("flags", [])[:5])
msg = f"{r.get('name','?')} ({r.get('symbol','?')})\nScore: {r['score']} ({r['bucket']})\nTradeable: {r['tradeable']}\n\n{flags}"
await update.message.reply_text(msg)
app = Application.builder().token(os.environ["TG_TOKEN"]).build()
app.add_handler(MessageHandler(filters.TEXT, handle))
app.run_polling()Limitations
- New tokens (< 1 hour old). Liquidity-lock flags may be stale for first-hour tokens until LP-lock contracts are scraped.
- Governance-controlled tokens. Multisig or DAO-controlled tokens score as "high owner power" because the scorer can't distinguish benign vs malicious governance. Manual review recommended.
- Custom AMMs. Scoring assumes Uniswap V2/V3-compatible pools. Esoteric AMMs (bonding curves, single-sided LPs) may report inaccurate liquidity data.
- The score is a risk signal, not a guarantee. A 100 is almost certainly a rug; a 0 is not a green light to YOLO.
FAQ
Q — Does scanning leave a trace?
We simulate buy/sell on a forked node off-chain. The on-chain token isn't touched.
Q — Why did my safe token score Medium?
Likely owner power — mint or pause capabilities common in modern tokens add points even when governance is trusted. Check the flag list to see which specifically triggered.
Q — Can I submit a token I suspect is a rug?
Submit via the contact form with category "Security issue" and the contract address. Confirmed scams go into the deployer database and flag future deploys from the same wallet.
Q — How accurate is the score historically?
Last internal audit: tokens scored ≥ 60 had a 82% 30-day rug rate. Tokens scored < 15 had a 3% 30-day rug rate (mostly failed legitimate projects, not scams).