Solana Token Contract Security Checklist: Your Pre-Trade Verification Guide
You found a new meme coin. The chart looks good. The community is active. You’re ready to buy.
But wait—have you checked the contract security?
Most traders skip this step. They see a pump and FOMO in. Then they discover the contract has hidden restrictions, the dev can freeze their tokens, or liquidity isn’t locked.
This checklist will teach you exactly what to verify before buying any Solana token. Follow it, and you’ll avoid 95%+ of contract-based scams.
Why Contract Security Matters
The Real Cost of Unsafe Contracts
Statistics from Solana meme trading:
- 34% of new tokens have unsafe contract features
- $89M+ lost to contract-based scams in 2025
- 72% of victims could have avoided losses with proper checks
One missed check = potentially thousands of dollars lost.
What Contract Security Checks Prevent
| Risk | What Happens | How to Prevent |
|---|---|---|
| Mint Authority Active | Dev creates unlimited tokens → price crashes | Check: Mint Authority = Revoked |
| Freeze Authority Active | Dev freezes your tokens → you can’t move them | Check: Freeze Authority = Revoked |
| LP Not Locked | Dev pulls liquidity → price goes to zero | Check: LP Locked = YES |
| Blacklist Functions | Dev blocks your wallet from selling | Check: No blacklist functions |
| High Taxes | You lose 50%+ on every sell | Check: Sell Tax < 20% |
| Transfer Restrictions | You can’t move tokens | Check: No transfer locks |
Complete Contract Security Checklist
✅ Check 1: Mint Authority Status
What to Check:
- Mint Authority: Revoked (safe)
- Mint Authority: Active (dangerous)
Why It Matters:
Mint Authority: Active
→ Dev can create unlimited tokens
→ Dumps them on market
→ Your tokens become worthless
→ Price crashes to zero
How to Verify:
- Go to Rugcheck.xyz
- Paste token address
- Check “Mint Authority” status
- Or use Birdeye → Security tab
Action:
- ✅ Safe if: Mint Authority = Revoked
- ❌ Skip if: Mint Authority = Active
Time: 30 seconds
✅ Check 2: Freeze Authority Status
What to Check:
- Freeze Authority: Revoked (safe)
- Freeze Authority: Active (dangerous)
Why It Matters:
Freeze Authority: Active
→ Dev can freeze your tokens
→ You cannot transfer or sell
→ Tokens stuck forever
How to Verify:
- Go to Rugcheck.xyz
- Paste token address
- Check “Freeze Authority” status
- Or use Birdeye → Security tab
Action:
- ✅ Safe if: Freeze Authority = Revoked
- ❌ Skip if: Freeze Authority = Active
Time: 30 seconds
✅ Check 3: Liquidity Pool (LP) Lock Status
What to Check:
- LP Locked: YES (safer)
- LP Locked: NO (risky)
Why It Matters:
LP Not Locked
→ Dev can pull all liquidity
→ Price crashes to zero instantly
→ You cannot sell
→ Complete rug pull
How to Verify:
- Go to Rugcheck.xyz
- Check “LP Locked” status
- Verify lock duration (longer = safer)
- Or use Birdeye → Security tab
Action:
- ✅ Safe if: LP Locked = YES (6+ months)
- ⚠️ Caution if: LP Locked = NO
- ❌ Skip if: LP Not Locked + new token
Time: 1 minute
✅ Check 4: Honeypot Detection
What to Check:
- Honeypot: NO (safe)
- Honeypot: YES (trap)
Why It Matters:
Honeypot: YES
→ You can buy
→ You cannot sell
→ Money trapped forever
How to Verify:
- Go to Rugcheck.xyz
- Check “Honeypot” status
- Verify sell test passes
- Or use Birdeye → Security tab
Action:
- ✅ Safe if: Honeypot = NO
- ❌ Skip if: Honeypot = YES
Time: 30 seconds
✅ Check 5: Tax Analysis
What to Check:
- Buy Tax: < 10% (acceptable)
- Sell Tax: < 20% (acceptable)
- Extreme taxes: > 50% (avoid)
Why It Matters:
Sell Tax: 50%
→ You buy 10 SOL worth
→ You try to sell
→ You only get 5 SOL back
→ You lost 50% of your money
How to Verify:
- Go to Rugcheck.xyz
- Check “Buy Tax” and “Sell Tax”
- Or use Birdeye → Token Metrics
Action:
- ✅ Safe if: Buy Tax < 10%, Sell Tax < 20%
- ⚠️ Caution if: Taxes are moderate (10-20%)
- ❌ Skip if: Taxes are extreme (> 20%)
Time: 30 seconds
✅ Check 6: Blacklist/Whitelist Functions
What to Check:
- No blacklist functions (safe)
- No whitelist restrictions (safe)
- Blacklist/whitelist active (dangerous)
Why It Matters:
Blacklist Function Active
→ Dev adds your wallet to blacklist
→ You cannot sell
→ Money trapped
How to Verify:
- Check contract code (if you can read it)
- Use Solscan to view contract functions
- Look for “blacklist” or “whitelist” functions
Action:
- ✅ Safe if: No restriction functions
- ❌ Skip if: Blacklist/whitelist functions found
Time: 1-2 minutes
✅ Check 7: Transfer Restrictions
What to Check:
- No transfer locks (safe)
- No time-based restrictions (safe)
- Transfer restrictions active (dangerous)
Why It Matters:
Transfer Lock Active
→ You cannot move tokens
→ You cannot sell
→ Tokens stuck
How to Verify:
- Check contract code for transfer restrictions
- Use Solscan to view contract functions
- Look for “lock” or “restrict” functions
Action:
- ✅ Safe if: No transfer restrictions
- ❌ Skip if: Transfer locks found
Time: 1-2 minutes
✅ Check 8: Ownership Distribution
What to Check:
- Top 10 holders: < 50% of supply (safer)
- Dev wallet: Not in top 5 (safer)
- Holder count: > 100 (more decentralized)
Why It Matters:
Top 5 Holders Own 80%
→ Dev can dump anytime
→ Price crashes instantly
→ High manipulation risk
How to Verify:
- Go to Birdeye → Holders tab
- Check top holder percentages
- Verify dev wallet not in top 5
- Count total holders
Action:
- ✅ Safe if: Decentralized ownership
- ⚠️ Caution if: Moderately concentrated
- ❌ Skip if: Highly concentrated (> 70%)
Time: 1 minute
✅ Check 9: Liquidity Amount
What to Check:
- Liquidity: Sufficient for your trade size
- Liquidity: > 2x your position size (safer)
Why It Matters:
Liquidity: 5 SOL
Your Position: 10 SOL
→ You try to sell
→ Not enough liquidity
→ Slippage is extreme
→ You lose money
How to Verify:
- Go to DexScreener or Birdeye
- Check “Liquidity” amount
- Compare to your intended position size
Action:
- ✅ Safe if: Liquidity > 2x your size
- ⚠️ Caution if: Liquidity = your size
- ❌ Skip if: Liquidity < your size
Time: 30 seconds
✅ Check 10: Contract Verification
What to Check:
- Contract verified on Solscan (safer)
- Contract code is public (safer)
- Contract unverified (riskier)
Why It Matters:
Unverified Contract
→ Can't see what functions exist
→ Hidden restrictions possible
→ Higher scam risk
How to Verify:
- Go to Solscan.io
- Paste token address
- Check “Verified” status
- Review contract code if available
Action:
- ✅ Safe if: Contract verified
- ⚠️ Caution if: Contract unverified
- ❌ Skip if: Contract unverified + other red flags
Time: 1 minute
Quick Reference: Security Checklist Table
| Check | Safe | Caution | Skip |
|---|---|---|---|
| Mint Authority | Revoked | - | Active |
| Freeze Authority | Revoked | - | Active |
| LP Locked | YES (6+ months) | YES (< 6 months) | NO |
| Honeypot | NO | - | YES |
| Buy Tax | < 10% | 10-15% | > 15% |
| Sell Tax | < 20% | 20-30% | > 30% |
| Blacklist | None | - | Active |
| Transfer Lock | None | - | Active |
| Top 10 Holders | < 50% | 50-70% | > 70% |
| Liquidity | > 2x position | = position | < position |
| Contract Verified | YES | - | NO (if other red flags) |
Complete Pre-Trade Workflow (5 Minutes)
Step 1: Quick Scan (2 minutes)
Use Rugcheck.xyz:
- Paste token address
- Check all indicators:
- ✅ Honeypot: NO
- ✅ Mint Authority: Revoked
- ✅ Freeze Authority: Revoked
- ✅ LP Locked: YES
Action:
- ✅ If all green, proceed to Step 2
- ❌ If any red, skip immediately
Step 2: Detailed Analysis (2 minutes)
Use Birdeye.so:
- Search token address
- Go to Security tab
- Review all checks
- Check Holders tab (ownership distribution)
- Verify liquidity amount
Action:
- ✅ If all safe, proceed to Step 3
- ⚠️ If some caution flags, be extra careful
- ❌ If red flags, skip
Step 3: Contract Deep Dive (1 minute)
Use Solscan.io:
- Paste token address
- Check contract verification
- Review contract code (if available)
- Look for hidden functions
Action:
- ✅ If verified and clean, you can consider trading
- ⚠️ If unverified, be cautious
- ❌ If suspicious functions found, skip
Total Time: ~5 minutes
This workflow prevents 95%+ of contract-based losses.
Common Contract Security Issues
Issue 1: Active Mint Authority
Problem:
- Dev can create unlimited tokens
- Dumps them on market
- Price crashes
Solution:
- ✅ Only trade if Mint Authority = Revoked
- ❌ Skip if Mint Authority = Active
Issue 2: Active Freeze Authority
Problem:
- Dev can freeze your tokens
- You cannot move or sell
- Tokens stuck forever
Solution:
- ✅ Only trade if Freeze Authority = Revoked
- ❌ Skip if Freeze Authority = Active
Issue 3: Unlocked Liquidity
Problem:
- Dev can pull all liquidity
- Price goes to zero
- Complete rug pull
Solution:
- ✅ Prefer LP Locked = YES (6+ months)
- ⚠️ Be cautious if LP Not Locked
- ❌ Skip new tokens with unlocked LP
Issue 4: Extreme Taxes
Problem:
- 50%+ sell tax
- You lose most money on exit
- Effectively a honeypot
Solution:
- ✅ Only trade if Sell Tax < 20%
- ❌ Skip if Sell Tax > 30%
Issue 5: Blacklist Functions
Problem:
- Dev can block your wallet
- You cannot sell
- Money trapped
Solution:
- ✅ Check contract for blacklist functions
- ❌ Skip if blacklist functions found
Using Trading Bots for Automatic Checks
Bot Safety Features
Most Solana trading bots include automatic contract checks:
| Bot | Auto Checks | Manual Override | Safety Score |
|---|---|---|---|
| BullX | ✅ Yes | ✅ Yes | High |
| Trojan | ✅ Yes | ✅ Yes | High |
| Photon | ✅ Yes | ✅ Yes | High |
| GMGN | ✅ Yes | ✅ Yes | High |
How to Enable:
BullX:
- Settings → Safety
- Enable “Pre-Trade Contract Check”
- Set minimum safety threshold
Trojan:
- Use
/settingscommand - Enable “Safety Checks”
- Bot blocks unsafe trades
Photon:
- Dashboard → Security
- Enable “Auto Contract Verification”
- Configure risk tolerance
Best Practice: Always enable bot safety checks. They’re faster and more reliable than manual checks.
FAQ: Contract Security Checklist
Q1: Do I need to check every token before buying?
A: Yes, if you’re trading new/unknown tokens. For established tokens (like BONK, WIF), checks are less critical but still recommended.
Q2: How long does the full checklist take?
A: ~5 minutes for thorough check. Quick scan (Rugcheck) takes 30 seconds. Always do at least the quick scan.
Q3: What if a token passes all checks but still rugs?
A: Contract checks prevent technical scams, but not:
- Soft rugs (gradual liquidity drain)
- Social engineering
- Pump and dumps
Solution: Combine technical checks with fundamental analysis.
Q4: Can I skip checks if using a trading bot?
A: No. Bots help, but you should still verify manually. Use bot checks + manual verification for maximum safety.
Q5: What’s the most important check?
A: Honeypot detection. If you can’t sell, nothing else matters. Always check this first.
Q6: Are verified contracts always safe?
A: No. Verification means code is public, but it can still have dangerous functions. Always do full checklist.
Q7: What if LP is locked but only for 1 month?
A: Better than nothing, but risky. Prefer 6+ months. Be extra cautious with short locks.
Q8: Can a token become unsafe after I buy?
A: Yes, if:
- Dev activates freeze authority
- Dev pulls liquidity (if not locked)
- Contract has time-based restrictions
Solution: Check contract for dynamic restrictions.
Q9: Should I trust “audited” tokens?
A: Only if you can verify the audit. Many “audited” tokens are actually scams. Always do your own checks.
Q10: What’s the minimum checklist for quick trades?
A: At minimum, check:
- Honeypot: NO
- Mint Authority: Revoked
- Freeze Authority: Revoked
Time: 1 minute
The Bottom Line: Verify Before You Buy
Contract security checks aren’t optional—they’re essential.
The workflow:
- ✅ Always check before buying
- ✅ Use multiple tools (cross-verify)
- ✅ Enable bot safety checks
- ✅ Follow the complete checklist
- ✅ Never skip verification
Remember:
- One missed check = potentially thousands lost
- 5 minutes of checking = lifetime of protection
- Better to miss a pump than lose everything
Your money is your responsibility. Protect it.
Next Steps: Build Your Safety Stack
Learn More About Solana Security
- How to Use Honeypot Detectors - Step-by-step detector guide
- How to Identify Honeypot Scams - Red flags and warning signs
- Rug Pull Warning Signs - Learn to spot scams early
Use Safe Trading Bots
- BullX Review - Built-in contract verification
- Trojan Review - Automatic safety checks
- Photon Review - Advanced security features
Explore Our Safety Resources
- Settings Hub - Configure bots for maximum safety
- Glossary: Mint Authority - Learn the terminology
- Risk Disclaimer - Understand the risks
Disclaimer: This checklist is for educational purposes only. Contract security checks are not 100% accurate. Always do your own research and never invest more than you can afford to lose. Meme coin trading is extremely risky. See our full Risk Disclaimer.
