Red Flags Checklist
20 signals that flag an Ethereum token as risky. Each row tells you the flag, the weight, the underlying on-chain signal our scoring engine emits, and a note on context. Print this page (Ctrl+P) and tape it next to your monitor - that's the highest-ROI safety upgrade you can make for free.
The scanner runs every signal in this table plus 60 more. Paste a contract, get the 0-100 risk score in 10 seconds.
How to use this list
Walk the list top to bottom on any token before buying. Any single Critical flag is enough to exit - those have near-100% empirical precision in our dataset. Two or more High flags usually compound to a scam pattern even when each one alone is ambiguous. Medium and Low flags are calibration noise - they matter only when stacked with weightier ones.
The "Signal" column is the exact flag name our scoring engine emits, in case you want to look it up in the signal catalogue for the full definition and the detection logic.
Contract
| Red flag | Weight | Signal | Why it matters |
|---|---|---|---|
| Contract source code not verified on Etherscan | Medium | unverified_bytecode_analyzed | 30% of scams hide here; verified ≠ safe but unverified ≠ instant ditch either |
| Bytecode matches a known scam template (≥10 prior scam tokens) | Critical | known_scam_bytecode | Our database tracks 156 such templates; reuse is the strongest single signal we ship |
| Suspicious function selectors in the bytecode | Medium | suspicious_selectors | Selectors like `blacklist(address)`, `setBuyTax(uint256)`, `excludeFromMaxTx(address)` flagged from raw bytecode |
| Owner has not been renounced | Low | no_renounce_ownership | Common in legitimate projects too; only matters when combined with other flags |
| Proxy contract detected (UUPS, beacon, or admin proxy) | Medium | proxy_detected | Lets the deployer swap the implementation post-launch - kill switch hatch |
Trading
| Red flag | Weight | Signal | Why it matters |
|---|---|---|---|
| Honeypot - sell simulation reverts on a clean buy | Critical | honeypot | 100% precision in our 36 263-scam reference set - no false positives by construction |
| Sell tax above 30% | Critical | extreme_sell_fee | Same as honeypot in effect; sellers receive almost nothing |
| Buy succeeds but sell fails for new accounts | Critical | sell_blocked | Catches dynamic blacklists that activate after the first N buyers |
| Trading not enabled - sells revert for everyone but the deployer | High | trading_not_enabled | Often pre-launch; if persistent after liquidity is added, treat as honeypot |
| Buy-only pattern - only one direction of trades is happening | High | buy_only_pattern | Either honeypot or wash-trading by the deployer |
Liquidity
| Red flag | Weight | Signal | Why it matters |
|---|---|---|---|
| Pool depth under $1k USD | High | low_liquidity | Scaffolding launch; the deployer can pull it for 0.5 ETH |
| Deployer holds 100% of LP supply, unlocked | High | creator_holds_all_lp | Rug-ready setup. Locked at Unicrypt or burned is the positive signal here |
| LP not burned and not locked | Medium | lp_not_burned | Less critical than 100% deployer-held, but still a yellow flag |
Deployer
| Red flag | Weight | Signal | Why it matters |
|---|---|---|---|
| Deployer wallet less than 24h old | High | new_wallet | Combined with no prior history = textbook scam factory pattern |
| Deployer has launched 10+ tokens in the last 30 days | Critical | mass_deployer | Serial scammer with assembly line; near-100% scam rate empirically |
| Deployer previously deployed ≥1 confirmed scam | Critical | previous_scam_tokens | Past performance predicts future behavior in this niche |
| Deployer funded from a disposable wallet (< 7 days, single tx) | Medium | disposable_wallet | Combined with funder graph: traces to mass scam clusters |
Holders
| Red flag | Weight | Signal | Why it matters |
|---|---|---|---|
| Single non-LP wallet holds >50% of supply | High | single_mint_concentrated | Either deployer-as-exit-liq or coordinated insider position |
| Fewer than 10 holders 24h after launch | Medium | very_few_holders | Either organic-but-irrelevant or pre-rug positioning; need to read context |
Brand
| Red flag | Weight | Signal | Why it matters |
|---|---|---|---|
| Token name or ticker mimics a known major brand | High | name_mimics_known_token | Brand-jack pattern. 239 fake USDC, 49 fake PEPE, 43 fake TRUMP in our index |
What this list does not catch
Time-delayed rugs. Some scams pass every static check at launch and pull liquidity weeks later. The protection there is real-time monitoring - set a price alert and watch the LP token balance.
Owner-triggered kill switches in upgradeable proxies. A contract that looks clean today can be malicious tomorrow if the implementation is swapped. Treat any proxy with admin powers as conditionally safe at best.
Off-chain trust failures. Custodial bridges, centralized treasuries, off-chain governance - none of these show up on Etherscan. Read the docs for that part.