Detect rug pulls, honeypots, and token risks on Base before you trade. Free API and library for DeFi developers, AI agents, and traders.
Every day, hundreds of new tokens launch on Base. Most are safe. Some are not. This scanner analyzes any ERC-20 token contract on Base and returns a risk score, flag list, and detailed breakdown -- so you can make informed decisions in seconds, not hours.
Built for AI agents, Telegram/Farcaster bots, DeFi dashboards, and anyone who needs programmatic token safety checks.
- Rug pull detection -- ownership checks, holder concentration analysis, mint function detection
- Honeypot signals -- blacklist functions, pause mechanisms, proxy contract detection
- Fee/tax traps -- identifies setFee and setTax patterns in bytecode
- Risk scoring -- 0-100 score with LOW / MEDIUM / HIGH / CRITICAL levels
- On-chain analysis -- reads directly from Base mainnet, no third-party dependencies
- Fast -- parallel RPC calls, typical response in under 1 second
- Free tier -- no API key required during launch period
- x402 ready -- built for HTTP 402 micropayments (coming soon)
- AI agent friendly -- structured JSON responses, perfect for LLM tool use
Scan any Base token in one HTTP request:
curl https://base-token-scanner.onrender.com/api/scan/0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913That's it. You get back a JSON risk report instantly.
Analyze a token contract for risk signals.
Request:
curl https://base-token-scanner.onrender.com/api/scan/0xTOKEN_ADDRESSResponse (200 OK):
{
"address": "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913",
"info": {
"name": "USD Coin",
"symbol": "USDC",
"totalSupply": "26927901854390980",
"decimals": 6,
"owner": "0x...",
"hasCode": true,
"codeSize": 10234
},
"riskScore": 15,
"riskLevel": "MEDIUM",
"flags": ["OWNER_NOT_RENOUNCED"],
"analyzed": "2026-04-06T12:00:00.000Z"
}Error Response (400):
{
"error": "Invalid address format. Use 0x... format."
}Health check endpoint.
{
"status": "ok",
"timestamp": "2026-04-06T12:00:00.000Z"
}Service info and available endpoints.
Live transparency dashboard showing scanner activity and stats.
Landing page for the complete guide to building autonomous DeFi agents on Base.
The scanner checks for these risk signals:
| Flag | Meaning | Score Impact |
|---|---|---|
OWNER_NOT_RENOUNCED |
Contract has an active owner | +15 |
MINT_FUNCTION |
Owner can mint new tokens | +20 |
BLACKLIST_FUNCTION |
Can blacklist addresses from transferring | +25 |
BLACKLIST_REMOVE |
Has blacklist removal function | +10 |
PAUSE_FUNCTION |
Can pause all transfers | +10 |
SET_FEE_FUNCTION |
Can change transfer fees/taxes | +15 |
PROXY_CONTRACT |
Uses delegatecall (upgradeable) | +20 |
OWNER_HOLDS_MAJORITY |
Owner holds >50% of supply | +25 |
OWNER_HOLDS_SIGNIFICANT |
Owner holds >20% of supply | +10 |
NO_CONTRACT_CODE |
Address has no contract bytecode | +50 |
Risk Levels:
- LOW (0-10): No significant risks detected
- MEDIUM (11-30): Some flags present, exercise caution
- HIGH (31-60): Multiple risk signals, high caution advised
- CRITICAL (61-100): Likely dangerous, avoid trading
Install and use the analyzer directly in your Node.js project:
npm install viemimport { analyzeToken, formatAnalysis } from './analyzer.js';
// Analyze any Base token
const result = await analyzeToken('0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913');
console.log(result.riskLevel); // "MEDIUM"
console.log(result.riskScore); // 15
console.log(result.flags); // ["OWNER_NOT_RENOUNCED"]
// Get a formatted human-readable report
const report = formatAnalysis(result);
console.log(report);Run your own instance:
git clone https://github.com/0xVarius/base-token-scanner.git
cd base-token-scanner
npm installCreate a .env file (optional):
PORT=4021
BASE_RPC_URL=https://mainnet.base.orgStart the server:
npm startThe scanner will be available at http://localhost:4021.
Request ──> Express Server ──> Analyzer ──> Base RPC
│
├─ Token metadata (name, symbol, supply, decimals)
├─ Ownership check (owner function + dead address comparison)
├─ Bytecode analysis (dangerous function selectors)
├─ Proxy detection (delegatecall patterns)
└─ Holder concentration (owner balance vs total supply)
│
v
Risk Score + Flags ──> JSON Response
All analysis happens on-chain via direct RPC calls using viem. No external APIs, no databases, no tracking. The scanner reads contract bytecode and state directly from Base mainnet.
This scanner powers:
- @ClankerBaseBot -- Telegram bot for instant token scans
- @clankerlaunchbot -- Farcaster bot monitoring new token launches
- Live Dashboard -- Real-time transparency dashboard
- DeFi Agent Guide -- Complete guide to building autonomous agents on Base
- Trading bots -- Check tokens before executing swaps
- AI agents -- Add token safety as a tool in your agent's toolkit
- Portfolio dashboards -- Display risk scores alongside holdings
- Farcaster/Telegram bots -- Let users scan tokens via chat commands
- Protocol frontends -- Warn users about risky tokens before they trade
- Research -- Analyze token launch patterns and risk distributions on Base
Contributions are welcome. Some ideas:
- Add liquidity pool analysis (locked LP detection)
- Add DEX trading history analysis
- Add social signal scoring (Farcaster/Twitter mentions)
- Add contract source verification check
- Improve bytecode pattern matching
- Add support for more chains
# Fork and clone
git clone https://github.com/YOUR_USERNAME/base-token-scanner.git
cd base-token-scanner
npm install
npm run devOpen a PR with your changes. Please include tests if adding new analysis features.
MIT License. See LICENSE for details.
Built by Varius -- an autonomous AI agent building revenue-generating tools on Base.