
Free Solana Rug Check: 0–100 Trust Score in 5 Seconds

Paste any Solana mint, get a 0–100 trust score in 5 seconds. Free, stateless, no signup. Built by SolFoundry on the same on-chain checks experts use.

SolFoundry Team | April 28, 2026 | 10 min read

Paste a Mint, Get a Score

Yesterday we published the 5-flag manual checklist for spotting a Solana rug pull. The feedback we kept seeing was the same: "this is great but I'm not opening four tabs every time I see a ticker."

Fair. So we shipped the automated version.

solfoundry.io/rug-check — paste any Solana mint, get a 0–100 trust score with a color-coded verdict in under 5 seconds. Free, stateless, no signup.

This post explains what the scanner checks, what it doesn't, and the two technical decisions that make it different from the obvious alternatives.

[Image: SolFoundry Rug Check landing page]

How the Solana Rug Check Works

No login. No wallet connect. No query log saved.

When you paste a mint, the server reads on-chain state via standard Solana RPC calls — the same data anyone with a node can pull. Results are cached for 5 minutes per mint (Solana token metadata rarely changes, so re-running the same check immediately would just waste compute).

The scoring is deterministic and documented. Every flag has a max-points value, and the total adds up to 100. No black box, no proprietary "AI risk model" — just the structural checks you'd run yourself, automated.

The 5 On-Chain Flags We Score

The scanner runs five checks against the mint account, holder list, and (when present) token metadata. Each is rooted in a real rug vector that has burned holders before.

Mint Authority Revoked (+30)

The single most important check. If the creator can still mint new tokens, the supply isn't actually fixed. They can wake up and 10x the supply into their own wallet, then dump.

A clean launch revokes mint authority on day one. The scanner reads mintAuthority from the parsed mint account — null (or None in the explorer UI) is green.

Edge case: regulated stablecoins like USDC and PYUSD legitimately keep their mint authority active for compliance and supply management. We handle this in the verified token whitelist — more on that below.

Freeze Authority Revoked (+30)

If freeze authority is active, the dev can freeze your wallet's tokens — making them unsellable while they exit through theirs. This is the cleanest exit-scam vector on Solana, because it doesn't require dumping or pulling liquidity. They just lock you in place.

Same source: freezeAuthority on the mint account. Should be null.

Top 10 Holder Concentration (+25, sliding)

Concentration drives dump risk. If 10 wallets hold 30%+ of the float, one coordinated sell wipes the chart. Healthy launches keep top 10 under 20%.

We pull the largest token accounts and sum their balances. The part that matters: we exclude liquidity pool wallets and burn addresses before calculating concentration. More on that below, under "We Detect Liquidity Pool Wallets".

Scoring is sliding: under 15% = full 25 points, 15–25% = partial credit (e.g. 23.5% earns +18), over 30% = zero.

Metadata Authority Revoked (+15)

If the metadata authority is active, the dev can rename the token, swap the logo, change the symbol — after you bought. That blue-chip ticker you aped into can become a different coin overnight.

The scanner reads the Metaplex metadata account (or the Token-2022 metadata extension) and checks the updateAuthority field. Permanent metadata is green.

Token-2022 has a subtle wrinkle here: the metadata pointer can stay active even when the metadata's update authority is revoked. We treat the inner tokenMetadata.updateAuthority as the load-bearing field, since that's what controls actual content updates.
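
The three authority checks above come down to reading a few fields from the mint account as returned by getAccountInfo with jsonParsed encoding. The following is an added example, not SolFoundry's code: the sample response is constructed, every address is a placeholder, and checkAuthorities is a hypothetical helper that applies the +30/+30/+15 points stated above and treats the inner tokenMetadata.updateAuthority as the deciding field for Token-2022.

```javascript
// Constructed sample in the shape of a getAccountInfo result (encoding
// "jsonParsed") for a Token-2022 mint. All addresses are placeholders.
const sampleMint = {
  value: {
    data: {
      program: "spl-token-2022",
      parsed: {
        type: "mint",
        info: {
          mintAuthority: null,
          freezeAuthority: null,
          supply: "1000000000000000",
          decimals: 6,
          extensions: [
            { extension: "metadataPointer",
              state: { authority: "DEV_WALLET_PLACEHOLDER", metadataAddress: "MINT_PLACEHOLDER" } },
            { extension: "tokenMetadata",
              state: { updateAuthority: null, name: "Example", symbol: "EX" } },
          ],
        },
      },
    },
  },
};

// Hypothetical helper: derives the three authority flags and their points.
function checkAuthorities(rpcResult) {
  const parsed = rpcResult?.value?.data?.parsed;
  if (!parsed || parsed.type !== "mint") throw new Error("not a parsed mint account");
  const info = parsed.info;
  const ext = (name) => (info.extensions || []).find((e) => e.extension === name)?.state;
  const tokenMetadata = ext("tokenMetadata");
  const flags = {
    mintRevoked: info.mintAuthority == null,
    freezeRevoked: info.freezeAuthority == null,
    // null means the mint carries no embedded metadata (classic SPL): the
    // Metaplex metadata account has to be fetched and decoded separately.
    metadataRevoked: tokenMetadata ? tokenMetadata.updateAuthority == null : null,
    // Reported for context only; it does not affect the metadata flag.
    pointerStillActive: ext("metadataPointer")?.authority != null,
  };
  const points = (flags.mintRevoked ? 30 : 0) + (flags.freezeRevoked ? 30 : 0) +
    (flags.metadataRevoked ? 15 : 0);
  return { ...flags, points };
}

console.log(checkAuthorities(sampleMint));
```

In the sample the metadata pointer still has an authority, yet the metadata flag is green because the inner update authority is null.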

Token Standard, Supply, LP Depth (info only)

Three contextual signals that aren't scored but show up in the result page:

  • Token standard: Classic SPL vs Token-2022 (with extensions list). Token-2022 isn't a red flag — it just means the token can carry transfer hooks, fees, or other behaviors worth understanding before buying.
  • Supply: the actual minted supply, useful for sanity-checking whether "fixed supply" claims match reality.
  • LP depth: total liquidity in the largest pool. Shallow LP isn't a rug, but it does tell you slippage will be brutal.

We don't score these because they're noisy on fresh launches. A new token with $5K LP and a five-figure supply isn't a rug — it's just early.

What Makes Our Rug Checker Different

Two design choices set this apart from the easy alternatives.

We Detect Liquidity Pool Wallets

Most "top 10 holder" tools count the LP wallet as if it were a person. That's structurally wrong. LP tokens represent locked liquidity, not a holder who can dump.

We classify each top-holder address by its account owner program. If the owner is a known DEX program — Meteora DAMM v2, Raydium AMM, Orca, Lifinity, Phoenix — we exclude that address from the concentration math. Same for known burn addresses (the canonical incinerators on Solana).

The result: "top 10 humans" reflects real concentration risk, not a number inflated by the protocol holding the LP.

This matters most for fresh launches. A token with all liquidity locked on Meteora will look like 60% top-10 concentration to most scanners — because the LP wallet shows up holding 40%. After our exclusion, the same token reports a healthy 20% top-10 humans, which is the actual risk you're taking.
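
The effect of the exclusion can be reproduced on a small constructed holder list. This is an added example, not SolFoundry's code: the program IDs and addresses are placeholders, the ownerProgram of each holder is assumed to have been looked up already, and percentages are taken against total supply, which is an assumption about the denominator.

```javascript
// Placeholder labels standing in for real DEX program IDs and burn addresses.
const DEX_PROGRAMS = new Set(["DEX_PROGRAM_A_PLACEHOLDER", "DEX_PROGRAM_B_PLACEHOLDER"]);
const BURN_ADDRESSES = new Set(["BURN_ADDRESS_PLACEHOLDER"]);
const WALLET_PROGRAM = "SYSTEM_PROGRAM_PLACEHOLDER";

// Constructed holders, amounts in raw token units (BigInt avoids precision
// loss on large supplies). ownerProgram = program that owns the holder account.
const SAMPLE_SUPPLY = 1_000_000_000n;
const humans = [40, 30, 30, 20, 20, 20, 15, 15, 10, 5].map((millions, i) => ({
  address: `HOLDER_${i + 1}_PLACEHOLDER`,
  ownerProgram: WALLET_PROGRAM,
  amount: BigInt(millions) * 1_000_000n,
}));
const sampleHolders = [
  { address: "LP_VAULT_PLACEHOLDER", ownerProgram: "DEX_PROGRAM_A_PLACEHOLDER", amount: 400_000_000n },
  { address: "BURN_ADDRESS_PLACEHOLDER", ownerProgram: WALLET_PROGRAM, amount: 8_000_000n },
  ...humans,
];

// Hypothetical helper: top-10 share of supply, with and without LP/burn accounts.
function topTenConcentration(holders, supply) {
  const pct = (list) => {
    const sum = list.slice(0, 10).reduce((acc, h) => acc + h.amount, 0n);
    return Number((sum * 10000n) / supply) / 100; // basis points to percent
  };
  const sorted = [...holders].sort((a, b) =>
    a.amount < b.amount ? 1 : a.amount > b.amount ? -1 : 0);
  const isExcluded = (h) =>
    DEX_PROGRAMS.has(h.ownerProgram) || BURN_ADDRESSES.has(h.address);
  return {
    naivePct: pct(sorted),                                   // LP counted as a holder
    adjustedPct: pct(sorted.filter((h) => !isExcluded(h))),  // "top 10 humans"
    excluded: sorted.filter(isExcluded).map((h) => h.address),
  };
}

console.log(topTenConcentration(sampleHolders, SAMPLE_SUPPLY));
```

With the LP vault counted, the sample reads 60% top-10 concentration; with the vault and burn address removed, the ten largest remaining holders account for 20.5%.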

[Image: Rug check result for $BURN showing 100/100 score]

Verified Token Whitelist (24 entries)

Some tokens legitimately need active mint or freeze authorities and would otherwise score badly under a strict rubric:

  • Stablecoins (USDC, USDT, PYUSD) need mint authority to expand supply with reserves and freeze authority for compliance enforcement.
  • Wrapped tokens (wETH, wBTC) need mint/freeze for cross-chain bridge mechanics.
  • Liquid staking tokens (jSOL, mSOL, bSOL, JitoSOL) need active authorities for stake operations.

If we treated these strictly, the scanner would flag tens of billions of dollars in legitimate liquidity as "high risk." That's worse than useless — it trains users to ignore real warnings.

So we maintain a verified whitelist of 24 well-known tokens. When the scanner detects one, it tags the result as Verified and shows a context banner explaining why active authorities are expected for that specific token. The score still reflects the underlying state, but the verdict communicates the legitimate context.

The whitelist is conservative — only tokens with deep liquidity, multi-year track records, and clear regulatory or technical justification for their authority configuration. We'd rather miss a borderline-legit token than green-light a future rug.

What It Doesn't Catch

Honest scope:

  • Insider wallet networks — coordinated wallets that aren't in the top 10 individually but collectively control supply. Detecting this needs cluster analysis we don't run.
  • Off-chain reputation — dev's history, prior projects, doxxed status. We read the chain, not the social graph.
  • Smart contract audits — rare for Solana SPL tokens, though they exist for some protocols. Not in scope.
  • LP lock duration — we check that liquidity exists, but verifying lock duration needs DEX-specific lookups. DexScreener shows this directly via the lock badge.
  • Soft rugs — gradual abandonment, dev going silent, pulling marketing. Structural rugs are easier to automate.

For deeper research, combine our scanner with RugCheck.xyz (broader heuristics, social signals) and DexScreener (LP lock duration, real-time chart). Different tools, different angles.

Try It — Real Example with $BURN

We used Burncoin ($BURN) as the 5/5 green example in yesterday's manual checklist. Here's the same token through the automated scanner:

  • Score: 90/100 — Excellent
  • Mint authority: Revoked ✅ (+30/30)
  • Freeze authority: Revoked ✅ (+30/30)
  • Metadata authority: Revoked ✅ (+15/15)
  • Top 10 humans: 23.5% ✅ (+15/25 — sliding scale: under 10% earns full 25, 23.5% lands in the "typical for established tokens" band)
  • Liquidity & lock: $6.7K pool depth on Raydium (info only)

All five structural rug vectors are closed. The dev cannot drain it. The 10-point gap from a perfect 100 reflects mid-range top-10 concentration — not a red flag, just less-than-ideal distribution. Same token, same checks, now in 5 seconds instead of 5 tabs.

[Image: Rug check 5-flag breakdown UI]

How to Use the Scanner

  1. Copy the mint address — from Solscan, DexScreener, or any X cashtag link.
  2. Paste at solfoundry.io/rug-check — input field is on the landing page.
  3. Read the score and flag breakdown — the result page links out to Solscan and DexScreener for verification.
  4. Cross-check on DexScreener — for LP lock duration, which we don't check.

Tip: every result lives at /rug-check/<mint>. Those URLs are stable and shareable — bookmark them, drop them in group chats, send them to the friend who keeps getting rugged.

FAQ

What is a Solana rug check?

A Solana rug check is an on-chain analysis that flags whether a token has the structural vulnerabilities used in past rug pulls — open mint authority, active freeze authority, concentrated holdings, or mutable metadata. It does not predict price; it tells you whether the dev still has the technical capability to drain or rebrand the token after launch.

How accurate is the SolFoundry rug check?

It accurately reports the on-chain state of every flag we check — the score is deterministic from data anyone can verify on Solscan. What it can't predict is intent: a dev with all authorities revoked can still abandon the project, fail to deliver, or pull a soft rug. Use the score as a hard floor (below 60 = walk) and pair it with off-chain research for tokens above that threshold.

Does the tool save my queries?

No. The scanner is stateless — your input mint isn't logged or associated with any session. We do cache the result per mint for 5 minutes server-side (anonymous, just the on-chain analysis), to avoid re-fetching the same data when a token starts trending.

Why does my token score below 100?

Most common reasons: a non-LP wallet (founder, team treasury, market maker) is in the top 10 holders, the metadata update authority hasn't been revoked yet, or you're using Token-2022 with the metadata pointer still active. The flag breakdown explains exactly which check failed and how to verify on Solscan.

How is this different from RugCheck.xyz?

Different angles, both useful. RugCheck.xyz scans broader signals — insider wallet clusters, social presence, similar-token comparisons. We focus tightly on the five structural flags with stricter holder-concentration math (LP wallet exclusion) and a verified token whitelist for legitimate edge cases. Use both for any meaningful position size.

Built by Token Creators, for Token Buyers

SolFoundry is a Solana token launchpad. Every token we mint has authorities revoked on day one and liquidity locked permanently on Meteora — by default, not as an upgrade. We built the buyer-side rug checker because it makes our trust positioning verifiable. The same checks that determine whether someone should buy your token are the checks our launch flow already passes.

If you're building a token: launch on SolFoundry and your mint passes 4 of the 5 flags by default — only the holder concentration depends on your tokenomics.

If you're buying: solfoundry.io/rug-check is free forever. No signup. No query log. No paywall.
