
Rug-Pull Safety Checklist

Before you interact with any crypto project, run it through these 12 on-chain and off-chain safety signals. A high score is reassuring — but it is never a guarantee. Always do your own research.

Not financial advice. This tool is purely educational. It highlights signals that researchers use to assess transparency — it cannot predict whether any project will succeed, fail, or be fraudulent. Cryptocurrency is high risk. Only interact with tokens using funds you can afford to lose entirely. Always verify claims on-chain and DYOR.

Mint authority is revoked

If a token's mint authority is still active, the team can create unlimited new tokens at any time — instantly diluting every holder's share to near zero. A revoked mint authority means no new supply can ever be created. Verify on Solscan or Solana.fm: look for "Mint Authority: None" or "Revoked".

Critical

Freeze authority is revoked

A freeze authority allows the token creator to freeze any wallet holding that token — making your tokens immovable. When this authority is revoked, no single party can prevent you from transferring your own tokens. Verify the same way as mint authority on any Solana block explorer.

Critical

Token supply is fixed and publicly verifiable

The total supply should be declared by the project and match what's shown on-chain. Check that the circulating supply matches the stated supply, and that no large undisclosed reserve exists. On Solana, the supply figure is stored in the token's mint account, and once mint authority is revoked it can no longer be increased by anyone.

Critical

Liquidity is locked or burned (if trading has begun)

In a rug pull, a team provides liquidity to a DEX, drives up the price, then withdraws all liquidity — leaving buyers with worthless tokens. If a project is already trading, check whether LP (liquidity provider) tokens are locked in a time-lock contract or permanently burned. Platforms like Raydium publish LP info. (If a project is pre-launch and not yet trading, tick Yes and note that this signal applies once live.)

Critical

Contract address is publicly listed on official channels only

Scammers create fake tokens with near-identical names and promote them via DMs, fake announcements, and copycat accounts. The real contract address should appear only in the project's verified Twitter/X bio, official Telegram pinned messages, or verified website. Never trust an address shared in a DM — even if the sender looks official.

Critical

No single wallet holds a dangerously large share

On Solscan, view the "Holders" tab for any Solana token. If one or a small number of wallets hold 30%, 50%, or more of the supply, a co-ordinated dump by those wallets could devastate the market. Look for a broadly distributed holder list, or a clearly identified treasury/team wallet that is disclosed and time-locked. There is no universal safe threshold — use your own judgement.

Important

Team is transparent (or anonymous by deliberate, stated choice)

Many legitimate crypto projects are anonymous — anonymity alone is not a red flag. The risk is unexplained anonymity combined with false promises. A trustworthy anonymous team should still articulate who they are culturally, why they chose anonymity, and what accountability mechanisms exist. Doxxed teams carry legal accountability; anonymous teams rely on reputational consistency over time.

Important

Smart contract has been audited by a named, independent firm

A third-party audit means a security firm reviewed the contract code for vulnerabilities, backdoors, and exploits. Note: an audit is not a guarantee of safety — it reflects the state of the code at the time of review. Always check the audit is real (hosted on the auditor's own site), recent, and that no critical issues were left unresolved. (Many early-stage projects are unaudited — mark No if uncertain, and proceed with extra caution.)

Important

Project makes realistic claims — no guaranteed returns

Any project promising guaranteed profits, fixed APY returns, or a specific price target is either misinformed or deliberately misleading. Cryptocurrency markets are volatile and unpredictable. Credible projects describe their roadmap, use case, and community without making financial promises. Phrases like "100x guaranteed", "risk-free", or "your money will grow" are serious red flags.

Important

Community is active, organic, and free of excessive hype

Visit the project's Telegram and Twitter/X. A healthy community discusses ideas, asks critical questions, and receives honest answers. Red flags include: only hype with no substance, questions being deleted or banned, bots dominating the feed, or an unusually fast-growing follower count with low engagement. Healthy scepticism within a community is a positive sign, not a negative one.

Useful

You are using official links from the project's verified accounts

Phishing is rampant in crypto. Scammers clone websites with slightly different domains (e.g. trusttai1s.io instead of trusttails.io), create fake Telegram groups with near-identical names, and impersonate admins. Always navigate to official links from the project's verified Twitter/X bio or a bookmarked URL. Never click links shared in DMs — legitimate projects will never contact you first via DM to offer tokens, whitelist spots, or airdrops.

Critical

No artificial urgency or pressure tactics

Countdown timers, "only X spots left", "buy now before it's gone", or pressure from community members to hurry are classic manipulation techniques designed to bypass your rational thinking. Legitimate projects want long-term, informed holders — not impulsive buyers. If you feel rushed, that itself is a signal to slow down and research more carefully.

Important

A high score is encouraging but is not a safety guarantee. Do your own research before interacting with any token.

Common scam patterns

  • Unsolicited DMs offering tokens or whitelist spots
  • "Send X SOL to receive 2X back" — always a scam
  • Fake "presale" links not listed on the official site
  • Impersonation of admins or team members in Telegram
  • Lookalike token contract addresses with 1 character changed

Verify TrustTails on-chain

TrustTails (TAIL) — all critical signals confirmed at launch.

Contract 4NoNV3jSYLRbUtVWSTK5XdkpuvRzGpMCmfZSBKMuk6Rc
Methodology

How the checklist works

Each signal is drawn from publicly documented rug-pull patterns and on-chain forensics research. Here is what each category means and how to interpret your score.

Critical signals (5 items)

These are the highest-risk factors. A "No" on any Critical signal should make you deeply cautious. They include mint authority, freeze authority, fixed supply, liquidity status, and link verification — all things that can be checked on-chain in under two minutes.

Important signals (5 items)

These require more interpretation. Holder concentration, team transparency, audits, realistic claims, and absence of pressure tactics are context-dependent — but each "No" meaningfully increases risk. Together they paint a picture of the project's culture and intentions.

Useful signals (2 items)

Community quality and the absence of artificial urgency are softer signals, but still meaningful. An organic community that tolerates critical questions is one of the best long-term indicators of a project worth following — even if it is not a financial guarantee.

Higher scores suggest transparency

  • All 5 Critical signals confirmed on-chain
  • Team communicates honestly without hype
  • Audit available from a named firm
  • Questions welcomed in community
  • No financial promises made anywhere

Lower scores suggest elevated risk

  • Mint or freeze authority still active
  • Contract address circulating via DMs
  • One wallet holds a majority of supply
  • Returns guaranteed or price targets promised
  • Community deletes critical questions
A perfect score is not a guarantee of safety. Rug pulls and scams are constantly evolving. A project can pass every signal on this checklist and still be risky due to factors not captured here: market conditions, team decisions, protocol risks, or plain misfortune. This tool helps you ask the right questions — it does not answer them on your behalf.
Glossary

Key terms defined

Understanding the vocabulary is the first step to protecting yourself. These are the terms used throughout this tool and across on-chain research.

Rug pull
A type of cryptocurrency exit scam in which a project's creators abandon it and run off with investor funds — often by withdrawing all liquidity from a trading pool. The term comes from the phrase "pulling the rug out from under" investors. Rug pulls can be immediate (a single wallet drains everything in minutes) or slow (gradual sell-offs over weeks).
Mint authority
The ability to create new tokens and add them to the total supply. On Solana, this is a permission that can be permanently revoked. When revoked, the supply is provably fixed forever — no one, including the original creators, can ever mint additional tokens. This is verifiable on any block explorer by checking the token's metadata.
Freeze authority
The ability to freeze specific token accounts, preventing the holder from transferring or selling their tokens. This is a standard Solana SPL token permission that should be revoked by any project serious about holder autonomy. Like mint authority, revocation is permanent and publicly verifiable on-chain.
Liquidity pool (LP)
A smart contract holding a pair of tokens (e.g. TAIL/SOL) that allows trading without a traditional order book. Anyone can add liquidity and receive LP tokens representing their share. In a rug pull, founders who added the initial liquidity withdraw it all at once, leaving other traders with tokens they cannot sell at any meaningful price.
LP token lock
A mechanism where LP tokens are deposited into a time-lock contract — they cannot be withdrawn until a set future date. This prevents the liquidity provider from immediately rugging the pool. Burned LP tokens go further: they are sent to a dead wallet and can never be retrieved by anyone.
Smart contract audit
A structured review of a smart contract's code by an independent security firm. Auditors look for vulnerabilities, backdoors, logic errors, and exploitable functions. Audit reports should be publicly hosted on the auditing firm's own website. A self-published "audit" without a named firm carries little weight.
DYOR (Do Your Own Research)
A widely used phrase in crypto communities reminding participants that no external source — not influencers, not communities, not checklists — can substitute for your own due diligence. Research the team, the code, the tokenomics, the on-chain data, and the broader market context before making any decision.
Holder concentration
A measure of how the total token supply is distributed across wallets. High concentration means a small number of wallets hold a disproportionate share. This creates risk because co-ordinated selling by those wallets can severely impact the market. Block explorers like Solscan show the full holder distribution for any token.
Worked Example

How does TrustTails score?

As an example of how to apply this checklist, here is what the publicly verifiable on-chain facts about TrustTails (TAIL) show at the time of writing. We present this factually — not as an investment recommendation.

Confirmed on-chain signals

  • Mint authority: REVOKED
  • Freeze authority: REVOKED
  • Fixed supply: 1,000,000,000 TAIL
  • Contract publicly listed on official channels
  • No guaranteed returns claimed anywhere
  • Official links confirmed in verified bios

Signals to be verified as project matures

  • Liquidity lock — applicable once trading begins
  • Smart contract audit — planned, not yet published
  • Holder distribution — visible once tokens distribute
TrustTails is pre-launch. We present this example transparently so you can apply the same methodology to any project you research.
This is not a recommendation to buy TAIL or any other token. TrustTails is a small, pre-launch, community-first project. Cryptocurrency carries significant risk, including the risk of losing everything you invest. We share the above facts because transparency is a core value — not because we are asking you to invest.
FAQ

Frequently asked questions

Common questions about rug pulls, safety signals, and how to verify crypto projects independently.

What is a rug pull and how does it happen?

A rug pull is a type of crypto exit scam. The most common form involves a team creating a token, building hype, then withdrawing all liquidity from a trading pool — making the token instantly unsellable. Slower variants involve gradual large wallet dumps or abandoned projects where development simply stops. Rug pulls range from brazen theft to quiet abandonment; the on-chain signals in this checklist address the most common attack vectors.

Does a high score on this checklist mean a project is safe?

No. A high score means the project passes the transparency signals we have identified — it does not mean the project will succeed, remain legitimate over time, or be free of risks we have not captured. Market conditions, team decisions, smart contract bugs, protocol-level exploits, and regulatory changes can all affect a project independently of these signals. Treat a high score as a starting point for further research, not a conclusion.

How do I verify mint and freeze authority on Solana?

Visit solscan.io and search the token's contract address. On the token overview page, look for the "Mint Authority" and "Freeze Authority" fields. If they show "None" or display an empty address, the authority is revoked. You can also check solana.fm or explorer.solana.com for the same information. This takes under 60 seconds and is the single most important on-chain check you can do.
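
The explorer fields above come straight from the token's mint account, so the same check can be done on the raw account bytes. The following is an added example, not code from this page or from the TrustTails project: it decodes the base64 `data` field returned by the Solana JSON-RPC `getAccountInfo` method for a mint address and reports the two authority signals. It assumes the 82-byte base SPL Token mint layout (any bytes after it are ignored); the function names and the sample accounts are constructed for illustration.

```python
import base64
import struct

# Base layout of an SPL Token mint account (82 bytes, little-endian):
#   mint_authority   COption<Pubkey>: u32 tag (0 = None, 1 = Some) + 32-byte key
#   supply u64, decimals u8, is_initialized bool
#   freeze_authority COption<Pubkey>: u32 tag + 32-byte key
MINT_LAYOUT = struct.Struct("<I32sQB?I32s")
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58encode(raw: bytes) -> str:
    """Base58-encode a public key the way block explorers display it."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\0"))  # each leading zero byte becomes '1'
    return "1" * pad + out

def decode_mint(data_b64: str) -> dict:
    """Decode base64 mint account data; bytes past the base layout are ignored."""
    data = base64.b64decode(data_b64)
    if len(data) < MINT_LAYOUT.size:
        raise ValueError(f"need {MINT_LAYOUT.size} bytes, got {len(data)}")
    m_tag, m_key, supply, decimals, init, f_tag, f_key = MINT_LAYOUT.unpack_from(data)
    if not init or m_tag > 1 or f_tag > 1:
        raise ValueError("not an initialized mint account")
    return {
        "mint_authority": b58encode(m_key) if m_tag else None,
        "freeze_authority": b58encode(f_key) if f_tag else None,
        "supply_raw": supply,
        "supply_ui": supply / 10**decimals,
    }

def critical_flags(mint: dict) -> list:
    """Return the checklist's Critical findings for a decoded mint."""
    flags = []
    if mint["mint_authority"] is not None:
        flags.append("mint authority active: new supply can still be created")
    if mint["freeze_authority"] is not None:
        flags.append("freeze authority active: holder accounts can be frozen")
    return flags

def sample_mint(mint_auth, freeze_auth, raw_supply, decimals) -> str:
    """Build CONSTRUCTED test data; these bytes are not a real account."""
    opt = lambda key: (1, key) if key else (0, bytes(32))
    packed = MINT_LAYOUT.pack(*opt(mint_auth), raw_supply, decimals, True, *opt(freeze_auth))
    return base64.b64encode(packed).decode()

if __name__ == "__main__":
    revoked = decode_mint(sample_mint(None, None, 10**15, 6))
    active = decode_mint(sample_mint(bytes(range(1, 33)), None, 5 * 10**8, 6))
    print(revoked, critical_flags(revoked))
    print(active, critical_flags(active))
```

An empty list from `critical_flags` corresponds to "Mint Authority: None" and "Freeze Authority: None" on the explorer; it says nothing about liquidity, holder concentration or the other signals.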

Is an anonymous team automatically a red flag?

Not automatically. Many legitimate and successful crypto projects were built by anonymous teams. The risk is when anonymity is combined with false promises, no verifiable history, and no accountability mechanism. A team that is honest about being anonymous, consistent over a long period, and transparent about their decisions can still demonstrate trustworthiness through behaviour rather than identity. Judge the pattern of actions, not the absence of a name.

What does "liquidity locked" mean and how do I check it?

When a project provides liquidity to a DEX like Raydium, the liquidity pool issues LP tokens back to the provider. If those LP tokens are sent to a time-lock contract, the provider cannot withdraw the liquidity until the lock expires — this protects buyers. If LP tokens are burned (sent to a dead wallet), the liquidity is permanently locked. You can check on tools like Birdeye or the DEX's own pool information page. For pre-launch projects, this signal applies once the token is tradable.

Can I trust a project that says it was audited?

Only if the audit report is publicly hosted on the auditing firm's own official website and matches the contract address you are reviewing. Fake or low-quality "audits" do exist — some are self-produced, some are bought from non-credible firms, and some are outdated (the contract may have changed since). Always verify that the audit exists on the firm's domain, that it is recent, and that no critical or high-severity issues were left unaddressed.

How do I spot a fake presale or phishing link?

Always navigate from the project's verified Twitter/X bio link or a URL you have previously bookmarked from a verified source. Check the domain character by character — scammers substitute look-alike characters (l vs I, 0 vs O), add hyphens, or swap TLDs. Legitimate projects will never DM you first with a presale link. If you receive an unsolicited message about a token, presale, airdrop, or whitelist, treat it as a scam until proven otherwise. When in doubt, ask in the official community channel (not the DM) and check against the official website.
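
The character-by-character comparison can be automated before a link is opened. The following is an added example, not code from this page or from the TrustTails project: it folds the confusable characters listed above into one form and compares a hostname against an allowlist of official domains. The allowlist contents, the function names, the sample hostnames and the "last two labels" shortcut for the registrable domain are assumptions made for illustration; only ASCII hostnames are handled.

```python
# Official domains to compare against. trusttails.io is the domain named on
# the page; in practice, fill this from a bookmarked, verified source.
OFFICIAL = ("trusttails.io",)

# Fold characters commonly swapped in look-alike domains into one form:
# l / I / 1 all become "l", 0 / O become "o", hyphens are dropped.
FOLD = str.maketrans({"i": "l", "1": "l", "0": "o", "-": None})

def skeleton(label: str) -> str:
    """Reduce a label to a form in which confusable spellings are identical."""
    return label.lower().translate(FOLD)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a hostname."""
    labels = host.strip().rstrip(".").lower().split(".")
    if len(labels) < 2 or not all(labels):
        return "unrelated"
    # Assumption: the registrable domain is the last two labels. Real tooling
    # should use the Public Suffix List (e.g. for names under .co.uk).
    name, tld, subs = labels[-2], labels[-1], labels[:-2]
    if f"{name}.{tld}" in OFFICIAL:
        return "official"
    for official in OFFICIAL:
        o_name = official.split(".")[0]
        # Distance 0 = confusable characters, added hyphen or swapped TLD;
        # distance 1 = a single-character typo of the official name.
        if edit_distance(skeleton(name), skeleton(o_name)) <= 1:
            return "lookalike"
        # Official name used as a subdomain of somebody else's domain.
        if any(skeleton(s) == skeleton(o_name) for s in subs):
            return "lookalike"
    return "unrelated"

# CONSTRUCTED sample hostnames; trusttai1s.io is the page's own example.
SAMPLES = ["trusttails.io", "trusttai1s.io", "trust-tails.io",
           "trusttails.co", "trusttails.io.example.com", "example.org"]

if __name__ == "__main__":
    for h in SAMPLES:
        print(f"{h:28} {classify(h)}")
```

A "lookalike" verdict means the name is close to an official one without being it, which is the case to treat as hostile; "unrelated" only means the name is not similar, not that the site is trustworthy.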

Does this checklist apply to tokens on networks other than Solana?

Most signals apply across networks, but the specific tools and terminology differ. On Ethereum, mint authority may be called "owner" with a mint function; liquidity lock tools include Unicrypt or Team Finance. The core concepts — fixed supply, revoked permissions, locked liquidity, transparent team, realistic claims — are universal to evaluating any token on any chain. Always use the appropriate block explorer and DEX for the network you are researching.

More Tools

Related safety tools

Continue your research with these companion tools and educational resources.

Solana Token Checker

Look up any Solana SPL token by contract address and see mint authority, freeze authority, supply, and holder distribution at a glance.


How to spot a rug pull

A deeper educational guide to the mechanics of rug pulls, historic examples, the anatomy of a coordinated pump-and-dump, and how to protect yourself.


Is TrustTails legit?

A dedicated page explaining TrustTails' on-chain verifiable facts — mint revoked, freeze revoked, fixed supply — with links to block explorer evidence.

TrustTails (TAIL)

A token built to pass its own checklist

Mint revoked. Freeze revoked. Fixed supply. No hype. No price promises. TrustTails is pre-launch and not currently available to buy — but you can follow the project and ask us anything in the community.

Not financial advice. TAIL is a high-risk, pre-launch community token. Only use funds you can afford to lose entirely.