The Rug Pull Problem

In 2025, over $2 billion was lost to rug pulls and honeypot scams across EVM and Solana chains. The pattern is always the same: a new token launches, social media hypes it, early buyers pile in — and then the creator drains the liquidity pool or the smart contract blocks all sells.

The problem isn’t that rug pulls are undetectable. Most are trivially identifiable by inspecting the smart contract. The problem is that humans don’t read contracts. They see a green chart and ape in.

AI trading agents don’t have this bias. They can check every contract before every trade — if they have the right data. The CryptoDataAPI /dex/security/{chain}/{address} endpoint provides exactly this: an instant contract audit with a normalized risk score.

How the Security Endpoint Works

Send a token address and chain, get back a comprehensive security report:

curl -H "X-API-Key: YOUR_KEY" \
  https://cryptodataapi.com/api/v1/dex/security/ethereum/0x6982508145454ce325ddbe47a25d4ec3d2311933

The response includes:

The endpoint supports both EVM chains (Ethereum, Base, BSC, Arbitrum) and Solana, with chain-specific checks normalized into a unified response format.

Understanding Risk Flags

Not all risk flags are equal. Here’s what each one means and how much it should worry you:

FlagWhat It MeansSeverity
is_honeypotContract blocks sell transactions. You can buy but never sell.Critical — instant deal-breaker
is_mintableOwner can mint new tokens, diluting supply at will.High — enables infinite inflation
has_hidden_ownerContract ownership is obscured through proxy patterns.High — can’t verify who controls the contract
is_open_sourceWhether the contract source is verified on-chain.High if false — unverified = trust us bro
has_tax_modificationOwner can change buy/sell taxes post-deploy.High — can set sell tax to 100%
is_blacklistableOwner can blacklist specific addresses from trading.Medium — common in legit tokens too
can_pause_transfersOwner can freeze all transfers globally.Medium — sometimes used for migration
is_freezableSolana: token authority can freeze individual accounts.Medium — Solana-specific authority check

How the Risk Score Is Calculated

The risk_score field is a weighted composite that starts at 100 (perfectly safe) and deducts points for each red flag:

FlagPenalty
is_honeypot = true−50 points
has_hidden_owner = true−20 points
is_mintable = true−15 points
is_open_source = false−15 points
sell_tax > 10%−20 points
creator_balance > 5%−10 points
LP not locked−10 points

The score maps to risk levels:

A score of 85 on a brand-new Solana token means it passed most checks but might have unlocked LP or a slightly high creator balance. A score below 50 is a strong signal to avoid.

EVM vs. Solana: What’s Different

The security endpoint normalizes EVM and Solana data into the same response format, but the underlying checks differ:

CheckEVMSolana
Honeypot detectionSimulated buy/sellToken authority analysis
Mintable supplyContract function scanMint authority status
Freeze capabilityN/AFreeze authority status
Source verificationEtherscan verifiedN/A (all programs are bytecode)
Hidden ownerProxy pattern detectionN/A
Tax modificationSlippage modifier functionsN/A

Solana tokens have fewer contract-level risks (no arbitrary smart contract logic for SPL tokens) but different risks around mint/freeze authorities. The API handles this normalization so your agent doesn’t need chain-specific logic.

Integrating Security Checks into Your Trading Pipeline

The most effective pattern is to make security checks a mandatory gate before any trade execution:

import httpx

API_KEY = "cdk_live_yourkey"
BASE = "https://cryptodataapi.com/api/v1"
HEADERS = {"X-API-Key": API_KEY}

def is_safe_to_trade(chain: str, token_address: str) -> bool:
    """Returns True only if the token passes security checks."""
    r = httpx.get(
        f"{BASE}/dex/security/{chain}/{token_address}",
        headers=HEADERS,
    )
    data = r.json()

    # Hard stops: never trade honeypots or critical risk
    if data.get("risk_flags", {}).get("is_honeypot"):
        return False
    if data.get("risk_score", 0) < 50:
        return False

    # Soft checks: log warnings but allow
    if data.get("risk_flags", {}).get("is_mintable"):
        print(f"Warning: {token_address} has mintable supply")
    if not data.get("lp_info", {}).get("any_lp_locked"):
        print(f"Warning: {token_address} has no locked LP")

    return True

Call is_safe_to_trade() before every buy order. The endpoint caches results for 10 minutes per token, so repeated checks on the same token are fast.

Don’t Trade What You Haven’t Scanned

Every meme coin trade should start with a security check. It takes one API call and 200ms — a negligible cost compared to losing your entire position to a honeypot.

The /dex/security/{chain}/{address} endpoint gives your agent a clear, numeric risk assessment for any token on any supported chain. Integrate it as a hard gate in your trading pipeline and you’ll filter out the vast majority of scams automatically.

Try it now:

curl -H "X-API-Key: YOUR_KEY" \
  https://cryptodataapi.com/api/v1/dex/security/solana/TOKEN_ADDRESS

Get your free API key at cryptodataapi.com (50 requests/day, no credit card required).