Important: RegPilot scores reflect on-chain data at the time of check. Tokens can change after you buy — a high score does not guarantee future safety, project legitimacy, or investment returns. A low score signals risk but does not prove a token is definitively a scam. This is not financial advice. Always do your own research.
The 6 Risk Categories We Analyze
Contract Safety
Whether the token contract contains exploitable code patterns — honeypots, hidden tax functions, or backdoor admin controls that let the developer block your transactions.
- Honeypot detection — can you sell, or only buy?
- Tax / fee extraction — does the contract take a cut on every transfer?
- Unverified source — contract code not publicly verified
- Copied / cloned code — identical to known scam contracts
Authority Controls
Whether the development team retained powers that could freeze your funds, mint new tokens, or pause trading without warning.
- Freeze authority — can dev freeze your ability to transfer tokens? (Solana-specific)
- Mint authority — can new tokens be created after launch, diluting your holdings?
- Pause function — can trading be halted by the owner?
- Transfer fee — owner-controlled fee on all transfers
Liquidity
How much capital is locked in the AMM pools, and whether that liquidity can be withdrawn by the team at will.
- Total liquidity — USD value locked in DEX pools
- Lock status — is liquidity locked and for how long?
- Lock % of supply — are liquidity tokens burned or held by the team?
- LP holder distribution — who controls the liquidity pool tokens?
Holder Distribution
Whether a small number of wallets control an outsized share of the token supply — a common pre-rug signal.
- Top-10 concentration — % of supply held by top 10 wallets
- Dev / insider holdings — % held by known developer wallets
- Bundle activity — coordinated buying in the same block as launch (Solana)
- Fresh wallet risk — top holders created wallets shortly before launch
Audit & Source Verification
Whether the contract source code is publicly verified and whether any audit reports exist from credible firms.
- Source code verified — contract verified on block explorer
- Third-party audit — CertiK, Hacken, Paladin, or similar
- Deployer history — has this deployer launched other tokens? Any flagged?
- Listed on reputable trackers — CoinGecko, Jupiter, Uniswap
Trading Patterns
What the trading activity looks like — anomalies that signal coordinated manipulation or pre-planned exits.
- Trading velocity — unusually fast initial volume relative to age
- Bonding curve (Pump.fun) — abnormally fast completion signals coordinated buying
- Social presence — Twitter, Discord, website present and active
- Price stability — large swings or pump-and-dump patterns
What Affects the Score
The final score is a weighted combination of signals across all 6 categories. Higher weight goes to contract safety and holder distribution — those are the most predictive indicators of rug risk. Chain-specific signals (like freeze authority on Solana) are weighted for that ecosystem.
Score caps: New tokens (<72 hours old) are capped at 70 — insufficient trading history to validate a higher score. Tokens not listed on CoinGecko, Jupiter, or Uniswap are capped at 60. Tokens with less than $25K liquidity are capped at 50. These caps exist because low track record = high uncertainty.
What RegPilot Does NOT Do
Does not analyze the team
RegPilot checks on-chain data — wallet behavior, contract code, liquidity. We do not vet the human beings behind a project. A clean score does not mean the team is legitimate or acting in good faith.
Does not predict future performance
The score reflects the current on-chain state. A token that scores well today could rugged tomorrow — a dev could drain liquidity, abandon the project, or deploy malicious code updates. RegPilot is a snapshot, not a guarantee.
Does not prevent loss
Scores inform your decisions. RegPilot does not execute trades, interact with wallets, or have any ability to prevent you from sending funds to a smart contract. You remain responsible for your own transactions.
Does not cover every possible risk
DeFi exploits, oracle manipulation, flash loan attacks, and social engineering scams may not show up in on-chain signals until they happen. RegPilot is a strong signal — not a complete risk assessment.
Data Sources
RegPilot aggregates data from multiple on-chain and third-party sources. No single source is authoritative — the scoring engine cross-validates signals where possible.
Primary data sources
Statistics cited on this site
Check any token before you invest
Enter a Solana mint or EVM contract address. Results in under 30 seconds.
Check a Token Free →Weekly Digest
Token safety tips in your inbox
Rug pull case studies, new scam patterns, and RegPilot updates — weekly, no noise.