The Rug Pull Problem
In 2025, over $2 billion was lost to rug pulls and honeypot scams across EVM and Solana chains. The pattern is always the same: a new token launches, social media hypes it, early buyers pile in — and then the creator drains the liquidity pool or the smart contract blocks all sells.
The problem isn’t that rug pulls are undetectable. Most are trivially identifiable by inspecting the smart contract. The problem is that humans don’t read contracts. They see a green chart and ape in.
AI trading agents don’t have this bias. They can check every contract before every trade — if they have the right data. The CryptoDataAPI /dex/security/{chain}/{address} endpoint provides exactly this: an instant contract audit with a normalized risk score.
How the Security Endpoint Works
Send a token address and chain, get back a comprehensive security report:
curl -H "X-API-Key: YOUR_KEY" \
https://cryptodataapi.com/api/v1/dex/security/ethereum/0x6982508145454ce325ddbe47a25d4ec3d2311933The response includes:
- Risk flags: boolean checks for honeypot, mintable supply, freezable transfers, hidden ownership, blacklisting capability, pausable transfers, and tax modification
- Tax rates: buy and sell tax percentages
- Ownership info: creator address, creator balance percentage, owner address
- Holder distribution: total holder count and top-10 holder concentration
- Liquidity info: LP holder count and whether any LP is locked
- Risk score: 0–100 composite score (100 = safest)
- Risk level:
low,medium,high, orcritical
The endpoint supports both EVM chains (Ethereum, Base, BSC, Arbitrum) and Solana, with chain-specific checks normalized into a unified response format.
Understanding Risk Flags
Not all risk flags are equal. Here’s what each one means and how much it should worry you:
| Flag | What It Means | Severity |
|---|---|---|
is_honeypot | Contract blocks sell transactions. You can buy but never sell. | Critical — instant deal-breaker |
is_mintable | Owner can mint new tokens, diluting supply at will. | High — enables infinite inflation |
has_hidden_owner | Contract ownership is obscured through proxy patterns. | High — can’t verify who controls the contract |
is_open_source | Whether the contract source is verified on-chain. | High if false — unverified = trust us bro |
has_tax_modification | Owner can change buy/sell taxes post-deploy. | High — can set sell tax to 100% |
is_blacklistable | Owner can blacklist specific addresses from trading. | Medium — common in legit tokens too |
can_pause_transfers | Owner can freeze all transfers globally. | Medium — sometimes used for migration |
is_freezable | Solana: token authority can freeze individual accounts. | Medium — Solana-specific authority check |
How the Risk Score Is Calculated
The risk_score field is a weighted composite that starts at 100 (perfectly safe) and deducts points for each red flag:
| Flag | Penalty |
|---|---|
| is_honeypot = true | −50 points |
| has_hidden_owner = true | −20 points |
| is_mintable = true | −15 points |
| is_open_source = false | −15 points |
| sell_tax > 10% | −20 points |
| creator_balance > 5% | −10 points |
| LP not locked | −10 points |
The score maps to risk levels:
- 76–100: Low risk
- 51–75: Medium risk
- 26–50: High risk
- 0–25: Critical risk
A score of 85 on a brand-new Solana token means it passed most checks but might have unlocked LP or a slightly high creator balance. A score below 50 is a strong signal to avoid.
EVM vs. Solana: What’s Different
The security endpoint normalizes EVM and Solana data into the same response format, but the underlying checks differ:
| Check | EVM | Solana |
|---|---|---|
| Honeypot detection | Simulated buy/sell | Token authority analysis |
| Mintable supply | Contract function scan | Mint authority status |
| Freeze capability | N/A | Freeze authority status |
| Source verification | Etherscan verified | N/A (all programs are bytecode) |
| Hidden owner | Proxy pattern detection | N/A |
| Tax modification | Slippage modifier functions | N/A |
Solana tokens have fewer contract-level risks (no arbitrary smart contract logic for SPL tokens) but different risks around mint/freeze authorities. The API handles this normalization so your agent doesn’t need chain-specific logic.
Integrating Security Checks into Your Trading Pipeline
The most effective pattern is to make security checks a mandatory gate before any trade execution:
import httpx
API_KEY = "cdk_live_yourkey"
BASE = "https://cryptodataapi.com/api/v1"
HEADERS = {"X-API-Key": API_KEY}
def is_safe_to_trade(chain: str, token_address: str) -> bool:
"""Returns True only if the token passes security checks."""
r = httpx.get(
f"{BASE}/dex/security/{chain}/{token_address}",
headers=HEADERS,
)
data = r.json()
# Hard stops: never trade honeypots or critical risk
if data.get("risk_flags", {}).get("is_honeypot"):
return False
if data.get("risk_score", 0) < 50:
return False
# Soft checks: log warnings but allow
if data.get("risk_flags", {}).get("is_mintable"):
print(f"Warning: {token_address} has mintable supply")
if not data.get("lp_info", {}).get("any_lp_locked"):
print(f"Warning: {token_address} has no locked LP")
return TrueCall is_safe_to_trade() before every buy order. The endpoint caches results for 10 minutes per token, so repeated checks on the same token are fast.
Don’t Trade What You Haven’t Scanned
Every meme coin trade should start with a security check. It takes one API call and 200ms — a negligible cost compared to losing your entire position to a honeypot.
The /dex/security/{chain}/{address} endpoint gives your agent a clear, numeric risk assessment for any token on any supported chain. Integrate it as a hard gate in your trading pipeline and you’ll filter out the vast majority of scams automatically.
Try it now:
curl -H "X-API-Key: YOUR_KEY" \
https://cryptodataapi.com/api/v1/dex/security/solana/TOKEN_ADDRESSGet your free API key at cryptodataapi.com (50 requests/day, no credit card required).



