ScamLens

Smart Contract Red Flags: How to Spot a Rug Pull Before It Happens

Learn to identify the most common smart contract exploits used in rug pulls, including hidden mints, honeypots, and tax manipulation. Discover how ScamLens Contract Analyzer audits tokens automatically before you invest.

The promise of decentralized finance is that code replaces trust. Smart contracts execute automatically, transparently, and without intermediaries. But this same power that makes DeFi revolutionary also makes it dangerous: when the code itself is designed to steal from you, there is no customer service department to call.

Rug pulls -- where a project's creators drain liquidity or manipulate a token's smart contract to steal investor funds -- have become one of the most devastating forms of crypto fraud. In 2025 alone, rug pulls accounted for an estimated $2.8 billion in losses across the DeFi ecosystem. The worst part? Many of these could have been detected in advance by analyzing the smart contract code.

This guide breaks down the most common smart contract red flags that indicate a rug pull is being planned, explains the mechanics behind each exploit, and shows how ScamLens Contract Analyzer can help you avoid becoming a victim.

What Is a Rug Pull?

A rug pull occurs when the creators of a cryptocurrency project intentionally abandon it after extracting maximum value from investors. The term comes from the idiom "pulling the rug out from under someone" -- everything seems stable until suddenly it is not.

Rug pulls come in several forms:

  • Liquidity theft: The project creator removes all liquidity from a decentralized exchange, making the token impossible to sell
  • Token dumping: Creators mint massive amounts of tokens and sell them into the market
  • Backdoor exploits: Hidden functions in the smart contract allow the creator to drain funds, freeze trading, or manipulate prices
  • Gradual soft rugs: Slowly increasing sell taxes or reducing functionality until the token becomes worthless

The common thread is that the smart contract was designed from the beginning to benefit the creator at the expense of everyone else.

The 7 Most Dangerous Smart Contract Red Flags

1. Hidden Mint Functions

A hidden mint function allows the contract owner to create new tokens at will, without any cap or restriction. This is the most straightforward rug pull mechanism: the owner waits for the token to gain value, mints millions of new tokens, and dumps them on the market.

How it works: The contract includes a function (often obfuscated with a misleading name like _updateRewards or _rebase) that calls the internal _mint function. Only the owner can call it, and there is no maximum supply check.

What to look for: Any function that can increase total supply and is restricted to the owner address. ScamLens flags this as a critical risk because it means the token's supply is not actually fixed.

Real example: In 2024, the SQUID token (Squid Game token) included a hidden mint function disguised as a "game reward" mechanism. Creators minted 10 trillion tokens and dumped them, crashing the price by 99.99% in minutes.

2. Honeypot Contracts

A honeypot is a token that you can buy but cannot sell. The smart contract includes hidden restrictions on the transfer or approve functions that prevent anyone except the owner from selling tokens.

How it works: The contract may include a whitelist that only allows specific addresses to sell, a blacklist that blocks all addresses except the owner, or time-based restrictions that never actually unlock. Some sophisticated honeypots allow small sells to pass (to avoid detection) but block any sell above a certain amount.

What to look for: Restrictions on the transfer function that reference owner-controlled variables, blacklist/whitelist mechanisms, or conditional logic that could prevent selling. ScamLens simulates buy and sell transactions to detect honeypots that might not be obvious from code review alone.
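A miniature version of that buy-and-sell simulation, added here as an illustration and not taken from ScamLens: the token is a constructed in-memory model whose transfer hook only lets a sell through when the seller is on an owner-controlled whitelist or the amount is below a small threshold (the "small sells pass" variant described above). The simulator buys with a throwaway address and then tries sells of several sizes. `ROUTER`, `probe_wallet` and the threshold are all constructed values.

```python
"""Constructed honeypot model plus a buy/sell simulation check.

Added, self-contained Python illustration (not ScamLens code). The token
is a toy in-memory model, not a real contract: buys always succeed, but a
transfer *to* the pair (a sell) reverts unless the sender is whitelisted
or the amount is below a small threshold.
"""
from dataclasses import dataclass, field

ROUTER = "router"  # stands in for the DEX pair address (constructed)
OWNER = "owner"    # the deployer; whitelisted by default (constructed)


@dataclass
class ToyToken:
    owner: str = OWNER
    balances: dict = field(default_factory=dict)
    whitelist: set = field(default_factory=lambda: {OWNER})
    max_unwhitelisted_sell: int = 100  # small sells pass so naive probes see nothing wrong

    def buy(self, buyer: str, amount: int) -> None:
        # A buy is a transfer from the pair to the buyer; it is never restricted.
        self.balances[buyer] = self.balances.get(buyer, 0) + amount

    def transfer(self, sender: str, recipient: str, amount: int) -> None:
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        # Hidden restriction: a transfer to the pair is a sell and is gated
        # on an owner-controlled whitelist and a size threshold.
        if (recipient == ROUTER and sender not in self.whitelist
                and amount > self.max_unwhitelisted_sell):
            raise RuntimeError("transfer failed")  # what a victim sees: a reverted sell
        self.balances[sender] -= amount
        self.balances[recipient] = self.balances.get(recipient, 0) + amount


def simulate_sells(token: ToyToken, amounts) -> dict:
    """Buy as a fresh, non-whitelisted address, then try to sell each amount.

    Returns {amount: True if the sell went through, False if it reverted}.
    """
    probe = "probe_wallet"  # constructed throwaway address
    results = {}
    for amount in amounts:
        token.buy(probe, amount)
        try:
            token.transfer(probe, ROUTER, amount)
            results[amount] = True
        except RuntimeError:
            results[amount] = False
    return results


def is_honeypot(token: ToyToken, amounts=(10, 1_000, 100_000)) -> bool:
    """Flag the token if any size that could be bought cannot be sold back."""
    return not all(simulate_sells(token, amounts).values())
```

A single small probe (`amounts=(10,)`) reports this token as sellable, which is exactly why a simulation should try a range of sell sizes from a non-privileged address rather than one convenient amount.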

3. Selfdestruct Capability

selfdestruct is a Solidity built-in that compiles to the SELFDESTRUCT opcode; it permanently destroys a smart contract and sends its remaining ETH balance to a specified address. While this has legitimate uses, in a malicious token contract, selfdestruct can be used to destroy the contract after funds have been deposited, sending all contract-held tokens or ETH to the attacker.

What to look for: Any reference to selfdestruct or suicide (the deprecated alias) in the contract code. Since the Dencun upgrade (EIP-6780), selfdestruct no longer deletes a contract's code and storage unless it is called in the same transaction that created the contract, but it still transfers the contract's full ETH balance to the target address, so older contracts that use it still carry the risk.

4. Modifiable Tax/Fee Functions

Many tokens include buy and sell taxes that fund development, marketing, or liquidity. This is normal. What is not normal is when the contract owner can change these taxes to any percentage after deployment.

How it works: The contract includes a setFee or updateTax function that allows the owner to set buy/sell taxes to any value, sometimes up to 100%. The owner launches the token with a reasonable 2-3% tax, waits for investors to buy in, then increases the sell tax to 99%, effectively trapping everyone's funds.

What to look for: Fee-setting functions without maximum limits. A responsible contract caps fees (typically at 10-15%) and ideally includes a timelock. ScamLens checks whether tax functions have upper bounds and flags contracts where fees can exceed 25%.

5. Proxy Contract Patterns

Proxy contracts use a delegatecall pattern that allows the contract's logic to be changed after deployment. While proxy patterns are legitimate (used by major projects like Uniswap and OpenZeppelin), they can also be used maliciously to change a token's behavior after it has been audited or reviewed.

How it works: The token contract delegates all calls to an implementation contract. The owner can change which implementation contract is used, effectively rewriting all of the token's logic. A contract that passes all security checks today could be upgraded to a honeypot tomorrow.

What to look for: Usage of delegatecall, ERC1967Proxy, or similar upgrade patterns. Check whether the upgrade function has a timelock or multi-sig requirement. ScamLens identifies proxy contracts and warns users that the code they see today may not be the code that executes tomorrow.

6. Owner-Controlled Trading Pauses

Some contracts include a pause function that allows the owner to halt all trading. While this can serve as an emergency brake for legitimate projects, it is also used by scammers to prevent selling during a dump.

How it works: The contract includes a paused state variable that, when activated, blocks all transfer calls. The owner can pause trading, dump their tokens through an exempted address, then unpause (or not).

What to look for: Pausable contracts where the owner address is exempt from the pause. ScamLens checks whether trading pauses apply equally to all addresses or if the owner has special exemptions.

7. Liquidity Lock Absence

When a token is launched on a DEX, the creator adds liquidity (a pair of the new token and ETH/USDT). If this liquidity is not locked, the creator can simply withdraw it at any time, making the token impossible to sell.

What to look for: Check whether LP tokens are locked in a reputable locking contract (like Team.Finance or Unicrypt) and for how long. ScamLens verifies liquidity lock status and duration, flagging tokens with unlocked or short-duration locks.

How ScamLens Contract Analyzer Works

ScamLens Contract Analyzer performs automated security analysis on any token contract across supported EVM chains. Here is what happens when you submit a contract address:

  1. Source code retrieval: ScamLens fetches the verified source code from the blockchain explorer
  2. Static analysis: The code is scanned for all known red flag patterns including hidden mints, honeypot logic, modifiable fees, and selfdestruct calls
  3. Behavioral simulation: Buy and sell transactions are simulated to detect honeypots that may not be visible in static analysis
  4. Ownership analysis: The contract's owner address is profiled for risk indicators
  5. Liquidity assessment: LP token lock status, lock duration, and liquidity depth are verified
  6. Risk scoring: All findings are combined into an overall risk grade with detailed explanations
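To make red flags 1, 3, 4 and 5 and the static-analysis and risk-scoring steps concrete, here is an added toy scanner in Python. It is not ScamLens's analyzer, whose internals this page does not describe. It isolates each function body in Solidity source with regular expressions and applies the "what to look for" rules above: an owner-only function that calls `_mint` with no supply check, a fee setter with no `require(... <= ...)` bound, any `selfdestruct`/`suicide` call, and any `delegatecall`. Severities are taken from the cheat sheet later in this guide; `MoonToken`, `CappedToken`, `MAX_FEE` and `MAX_SUPPLY` are constructed samples.

```python
"""Toy static scanner for the red-flag patterns listed in this guide.

Added illustration, not ScamLens's analyzer. It finds each function in
Solidity source text, extracts the body by brace matching, and applies
simple pattern rules. The two contracts below are constructed samples.
"""
import re

# Severity per rule, taken from the guide's cheat sheet.
SEVERITY = {
    "hidden_mint": "Critical",
    "selfdestruct": "High",
    "unbounded_fee": "High",
    "delegatecall_proxy": "High",
}
RANK = {"Low": 0, "Medium": 1, "High": 2, "Critical": 3}

# name, parameter list, modifiers/visibility, then the opening brace
FUNC_HEADER = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)([^{;]*)\{")


def _function_bodies(source: str):
    """Yield (name, modifiers, body) for every function that has a body."""
    for m in FUNC_HEADER.finditer(source):
        depth, i = 1, m.end()
        while i < len(source) and depth:
            depth += {"{": 1, "}": -1}.get(source[i], 0)
            i += 1
        yield m.group(1), m.group(3), source[m.end():i - 1]


def scan(source: str) -> list:
    """Return a list of (rule, function_name) findings."""
    findings = []
    for name, mods, body in _function_bodies(source):
        owner_only = "onlyOwner" in mods or "msg.sender == owner" in body
        # Red flag 1: owner-only minting with no cap/total-supply check.
        if (owner_only and "_mint(" in body
                and not re.search(r"require\([^;]*(totalSupply|MAX_SUPPLY|maxSupply)", body)):
            findings.append(("hidden_mint", name))
        # Red flag 4: a fee/tax setter that assigns a value with no upper bound.
        if (re.search(r"(fee|tax)", name, re.I)
                and re.search(r"\w+\s*=\s*\w+\s*;", body)
                and not re.search(r"require\([^;]*<=", body)):
            findings.append(("unbounded_fee", name))
        # Red flag 3: selfdestruct, or its deprecated alias.
        if re.search(r"\b(selfdestruct|suicide)\s*\(", body):
            findings.append(("selfdestruct", name))
        # Red flag 5: logic that can be swapped out through delegatecall.
        if "delegatecall" in body:
            findings.append(("delegatecall_proxy", name))
    return findings


def risk_grade(findings) -> str:
    """Combine findings into one grade: the most severe finding wins."""
    if not findings:
        return "Low"
    return max((SEVERITY[rule] for rule, _ in findings), key=RANK.__getitem__)


# Constructed sample: the patterns the guide warns about.
RISKY = """
contract MoonToken is ERC20, Ownable {
    uint256 public sellFee = 3;
    function setSellFee(uint256 fee) external onlyOwner { sellFee = fee; }
    function _updateRewards(address to, uint256 amt) external onlyOwner { _mint(to, amt); }
    function cleanup() external onlyOwner { selfdestruct(payable(owner())); }
}
"""

# Constructed sample: the same features with the caps the guide recommends.
SAFER = """
contract CappedToken is ERC20, Ownable {
    uint256 public constant MAX_FEE = 15;
    uint256 public constant MAX_SUPPLY = 1_000_000e18;
    uint256 public sellFee = 3;
    function setSellFee(uint256 fee) external onlyOwner {
        require(fee <= MAX_FEE, "fee too high");
        sellFee = fee;
    }
    function mintRewards(address to, uint256 amt) external onlyOwner {
        require(totalSupply() + amt <= MAX_SUPPLY, "cap");
        _mint(to, amt);
    }
}
"""

if __name__ == "__main__":
    for label, src in (("risky", RISKY), ("safer", SAFER)):
        found = scan(src)
        print(label, risk_grade(found), found)
```

A production analyzer works on the compiler's AST rather than regular expressions, since string matching misses minting reached through inheritance, inline assembly or renamed internal helpers; the point here is the shape of the rules and how individual findings collapse into a single grade.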

You can analyze any token contract with ScamLens for free. The analysis takes seconds and could save you from a devastating loss.

Real-World Rug Pull Anatomy: A Case Study

Let us walk through a real rug pull to see how these red flags manifest in practice.

Project: "MoonDAO" (fictitious name for privacy, real incident)
Chain: BNB Smart Chain
Date: March 2025

The token launched with heavy promotion on Telegram and Twitter, claiming to be a "community-governed DeFi protocol." Initial analysis would have revealed:

  1. Hidden mint: The rewardDistributor function could mint unlimited tokens (Red Flag #1)
  2. Modifiable tax: The setMarketingFee function had no upper limit (Red Flag #4)
  3. No liquidity lock: LP tokens sat in the deployer's wallet (Red Flag #7)
  4. Owner exemptions: The owner address was exempt from all transfer restrictions (Red Flag #6)

Two weeks after launch, with $1.8M in liquidity:

  • The owner increased sell tax to 99%
  • Minted 500 billion new tokens
  • Removed all liquidity
  • Price dropped from $0.003 to $0.0000001

Every single one of these red flags was detectable before launch. ScamLens would have flagged this contract as high-risk immediately.

How to Protect Yourself

Before investing in any new token:

  1. Run a contract analysis: Use ScamLens Contract Analyzer to check for red flags
  2. Verify liquidity locks: Ensure LP tokens are locked for at least 6 months in a reputable locker
  3. Check ownership: Is the contract ownership renounced? If not, who controls it?
  4. Read the code: If the contract is not verified (source code not published), do not invest
  5. Check the deployer wallet: Use ScamLens to profile the address that deployed the contract
  6. Verify audit claims: Many scam tokens claim to be "audited" but the audit is fake or from an unknown firm

Red flag scoring cheat sheet:

  Red Flag                         Risk Level   What It Means
  Hidden mint function             Critical     Supply can be inflated at any time
  Honeypot logic                   Critical     You may not be able to sell
  Selfdestruct                     High         Contract can be destroyed
  Unlimited fee changes            High         Sell tax could go to 99%
  Upgradeable proxy (no timelock)  High         Contract logic can change
  Owner-exempt pause               Medium       Owner can freeze trading
  Unlocked liquidity               Medium       Creator can pull liquidity

The Future of Smart Contract Security

As DeFi matures, tools like ScamLens are making smart contract analysis accessible to everyone, not just developers and auditors. The information asymmetry that scammers exploit -- their understanding of code versus investors' trust -- is shrinking.

Automated analysis cannot catch every possible exploit, but it can detect the vast majority of common rug pull patterns. By making contract analysis a standard step before any token investment, the crypto community can dramatically reduce the success rate of these scams.

Conclusion

Smart contract rug pulls are preventable. The red flags are well-documented, the patterns are recognizable, and the tools to detect them are available for free. The challenge is not technical -- it is behavioral. Too many investors skip due diligence because they are afraid of missing out on the next big token.

Do not be one of them. Before you invest in any new token, take 30 seconds to run it through ScamLens Contract Analyzer. The next rug pull you avoid could save you everything you would have invested.

Remember: in DeFi, the code is the product. If the code is designed to steal from you, no amount of marketing, community hype, or influencer endorsement can change that. Trust the analysis, not the promises.
