Token Audit

Token Audit is ChainAware's deep smart contract analysis product. Paste a token contract address, trigger a full audit, and get a verdict across 11 verification modules - covering ownership, liquidity, supply, transfer integrity, and more.

11 Verification Modules · 6 Verdict Levels · 7 Blockchains · 127 Individual Findings

Supported chains: BNB Smart Chain · Ethereum · Polygon · Base · Arbitrum · Optimism · Avalanche


What Token Audit Checks

Every audit runs the contract through a multi-layer analysis pipeline - static code analysis, on-chain state reads, live liquidity checks, and behavioral signals - then aggregates the results into a single verdict with a 0-100 risk score.

Layer | What It Does
Source code analysis | Inspects every function in the contract for dangerous patterns - hidden sell gates, unauthorized balance writes, fee setters without caps, and more
On-chain state | Reads live contract state - current owner, pause status, total supply, deployer holdings
Liquidity checks | Discovers pools across all known DEXes (V2 and V3), checks TVL, LP lock status, and lock duration
Behavioral signals | Cross-references the deployer and feeder wallet against 20M+ behavioral profiles for fraud probability

The Six Verdicts

Verdict | Risk Score | What It Means
CLEAN | 0-24 | No theft or rug mechanics found. Analysis passed every safety check.
SUSPICIOUS | 25-49 | Risky mechanics present. The code can hurt holders under certain conditions.
HIGH RISK | 50-74 | Owner-controlled rug vectors exist. One owner transaction could trap or drain holders.
HONEYPOT | ≥ 75 | You can buy - but you cannot sell. Simulation confirms sells are blocked.
THEFT | ≥ 75 | Funds are drained on transfer. Every transfer leaks value to the deployer.
UNVERIFIABLE | - | Source code not verified. Only partial bytecode analysis was possible.

Full verdict reference →


The 11 Modules

Each module runs independently and produces its own status (pass / fail / warn / n/a) and risk score. The aggregate verdict combines all module scores plus behavioral signals.

Module | What It Checks
Live Simulation | Buy + sell simulation on a forked chain (coming soon)
Ownership & Access | Owner address, blast radius, capability flags, timelock
Liquidity & Pools | Pool TVL, LP lock status, lock duration, known lockers
Supply & Mint | Mint functions, supply caps, deployer concentration, burn integrity
Transfer Integrity | Balance conservation, fee setters, unauthorized recipients
Pausability | Pause/unpause access control, asymmetric pause patterns
Approve Integrity | Allowance write paths, EIP-2612 permit detection
Permit (Gasless) | Nonce, deadline, chainId, ecrecover verification
Reentrancy | CEI violations, reentrancy guards, cross-function attack paths
Arithmetic & Fees | Fee calculation and overflow patterns (coming soon)
Event Integrity | ERC-20 event compliance (coming soon)

Full module reference →


How the Verdict Is Calculated

  1. Each module produces a risk score (0-100).
  2. Module scores are summed into a total_risk_score.
  3. A corroboration boost (+20) is applied when two high-severity findings point to the same owner address.
  4. The honeypot analysis adds its own score from pattern-matching the contract code.
  5. Behavioral signals (deployer fraud probability, behavioral honeypot flag) feed into the final aggregate.
  6. The aggregate maps the combined score to a verdict tier.

A module that returns n/a did not run - the feature it checks was not present in this contract. This is not the same as a pass.


Using Token Audit

Via the UI

Open chainaware.ai, select Token Audit from the Fraud Tech menu, choose a chain, paste a contract address, and click Audit.

Results are deep-linkable - share the URL directly:

https://chainaware.ai/audit/{chain}/{address}

Via the API

# Trigger an audit
POST /token-audit/{chain}/{address}/run

# Fetch results (poll until audit_status = "complete")
GET /token-audit/{chain}/{address}

Polling pattern: after triggering a run, poll GET every 1.5 seconds. Stop when audit_status is complete or error. Maximum 90 seconds.
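
The trigger-and-poll pattern above as a Python client (an added example, not ChainAware's own code). The API host, the chain-slug format, and JSON response bodies are assumptions; authentication is omitted because the page documents none.

```python
import json
import re
import time
import urllib.request

BASE_URL = "https://api.example.invalid"  # placeholder: the page gives no API host
POLL_INTERVAL = 1.5                       # seconds between polls (from the page)
MAX_WAIT = 90.0                           # overall polling budget (from the page)
TERMINAL = {"complete", "error"}          # audit_status values that stop polling
EVM_ADDRESS = re.compile(r"0x[0-9a-fA-F]{40}")
CHAIN_SLUG = re.compile(r"[a-z0-9-]+")    # assumed slug shape; not stated on the page


class AuditTimeout(Exception):
    """No terminal audit_status arrived within MAX_WAIT seconds."""


def http_json(method, path):
    """Minimal HTTP call; assumes JSON bodies and no auth (neither is documented)."""
    req = urllib.request.Request(BASE_URL + path, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def run_audit(chain, address, call=http_json, sleep=time.sleep, clock=time.monotonic):
    """Trigger an audit and poll until it completes, errors, or times out."""
    # Both values are interpolated into the URL path, so reject anything that
    # is not a plain chain slug and a 20-byte hex address.
    if not CHAIN_SLUG.fullmatch(chain) or not EVM_ADDRESS.fullmatch(address):
        raise ValueError("unexpected chain or address format")
    path = f"/token-audit/{chain}/{address}"
    call("POST", path + "/run")
    deadline = clock() + MAX_WAIT
    while True:
        result = call("GET", path)
        status = result.get("audit_status")
        if status in TERMINAL:
            return result
        # Stop before a sleep that would overrun the 90-second budget.
        if clock() + POLL_INTERVAL > deadline:
            raise AuditTimeout(f"still {status!r} after {MAX_WAIT:.0f}s")
        sleep(POLL_INTERVAL)


def is_conclusive(result):
    """Only a completed audit carries a verdict; an error status is not a pass."""
    return result.get("audit_status") == "complete"
```

Handle `AuditTimeout` and an `error` status the same way as a module that returned n/a: no verdict was produced, which is not the same as a pass.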

