All Levels · 10 min

Token Security Checklist

Before announcing your token to the public, run through this security checklist. Every item either eliminates a specific risk or builds trust with potential holders.

Pre-launch checklist

Mint authority revoked (Solana) [Critical]

No one can mint new tokens. Supply is permanently fixed.

Freeze authority revoked (Solana) [Critical]

No wallet can ever be frozen. Holders can always transfer.

Contract ownership renounced (EVM) [Critical]

No admin can change parameters, mint, or pause.

Liquidity pool tokens burned [Critical]

Liquidity is permanently locked and cannot be removed, so a liquidity-pull rug is not possible.

Metadata immutable (Solana) [High]

Token name, symbol, image, and description can never be changed.

Contract verified on block explorer [High]

Source code matches deployed bytecode. Transparent audit trail.

Token distribution is diverse [High]

No single wallet holds more than 10% of supply (excluding burned LP).

Team tokens are vested [Medium]

Founder allocation is locked with a vesting schedule.

Initial liquidity is sufficient [Medium]

$5,000+ for smooth trading; lower amounts create excessive slippage.

Website and socials exist [Medium]

Project has a real online presence, not just a token.

Documentation is public [Low]

Tokenomics, roadmap, and team info are accessible.

Community channels are active [Low]

Twitter, Discord, or Telegram with real engagement.

Red flags to avoid

If your token has any of these traits, buyers will likely flag it as a potential scam. Fix these before launching.

  • Mint authority still held by a single wallet
  • LP tokens not burned (liquidity can be removed)
  • Single wallet holds 50%+ of supply
  • No website or social media presence
  • Anonymous team with no track record
  • Unrealistic promises ("1000x returns guaranteed")
  • Contract not verified on block explorer
  • Sudden large transfers to unknown wallets

FAQ

What makes a token "safe"?

A safe token has three properties: fixed supply (mint authority revoked or ownership renounced), locked liquidity (LP tokens burned), and transparent distribution (no whale wallet can crash the price). No token is 100% risk-free — market risk always exists — but these properties eliminate the biggest risks of outright scams.

Do I need a smart contract audit?

For standard SPL tokens and ERC-20 contracts deployed via CoinDevTools, no — the underlying contracts are battle-tested by millions of tokens. For custom-coded tokens with unique logic, yes — hire an auditor ($5,000-50,000+ depending on complexity). The risk of unaudited custom code is significant.

How do I verify my token is secure?

Check on Solscan (Solana), Etherscan (Ethereum), or Basescan (Base): mint authority should be null or the zero address, freeze authority should be null, the contract should be verified, and LP tokens should be burned (sent to a dead address or locked). All of this is publicly verifiable.
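The Solana authority checks can also be made directly against the mint account instead of an explorer page. The following is an added example, not CoinDevTools code: it decodes the 82-byte SPL Token mint layout and reports which authority items from the checklist fail. It assumes the account data was fetched as base64 (for example with the `getAccountInfo` RPC method); the function names and sample data are constructed for illustration.

```python
import base64
import struct

MINT_LEN = 82  # bytes in an SPL Token mint account

def coption_pubkey(buf, off):
    """COption<Pubkey>: u32 LE tag (0 = None, 1 = Some) then a 32-byte key."""
    (tag,) = struct.unpack_from("<I", buf, off)
    if tag not in (0, 1):
        raise ValueError(f"bad COption tag {tag} at offset {off}")
    # Only the tag decides; key bytes after a None tag are ignored.
    return bytes(buf[off + 4:off + 36]) if tag == 1 else None

def parse_mint(data_b64):
    """Decode base64 mint account data into its fields."""
    raw = base64.b64decode(data_b64)
    if len(raw) < MINT_LEN:
        raise ValueError("account data too short for a mint")
    supply, decimals, initialized = struct.unpack_from("<QB?", raw, 36)
    return {"mint_authority": coption_pubkey(raw, 0), "supply": supply,
            "decimals": decimals, "initialized": initialized,
            "freeze_authority": coption_pubkey(raw, 46)}

def failed_checks(mint):
    """Checklist items this mint fails (empty list = authority checks pass)."""
    failed = []
    if not mint["initialized"]:
        failed.append("mint not initialized")
    if mint["mint_authority"] is not None:
        failed.append("mint authority not revoked")
    if mint["freeze_authority"] is not None:
        failed.append("freeze authority not revoked")
    return failed

def build_sample(mint_auth, supply, decimals, freeze_auth):
    """Build constructed mint account data for the demo (not real chain data)."""
    def opt(key):
        return struct.pack("<I", 1) + key if key else bytes(36)
    raw = opt(mint_auth) + struct.pack("<QB?", supply, decimals, True) + opt(freeze_auth)
    return base64.b64encode(raw).decode()

KEY = bytes(range(32))  # constructed placeholder key, not a real wallet
REVOKED = build_sample(None, 10**15, 6, None)
HELD = build_sample(KEY, 10**15, 6, KEY)

if __name__ == "__main__":
    for name, blob in (("revoked", REVOKED), ("held", HELD)):
        print(name, failed_checks(parse_mint(blob)) or "authority checks pass")
```

This covers only the mint and freeze authority items; LP burn, metadata immutability and holder distribution live in other accounts and need separate checks.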

Can CoinDevTools guarantee my token is secure?

CoinDevTools provides the tools to implement security best practices (revoke authorities, burn LP, make immutable) but cannot guarantee security. You must actually use the tools. A token that hasn't revoked its mint authority is not decentralized, regardless of what platform created it.