Skip to main content
GET
/
2
/
token
/
security
Get Token Security Information
curl --request GET \
  --url https://demo-api.mobula.io/api/2/token/security
{
  "data": {
    "address": "<string>",
    "chainId": "<string>",
    "contractHoldingsPercentage": 123,
    "contractBalanceRaw": "<string>",
    "burnedHoldingsPercentage": 123,
    "totalBurnedBalanceRaw": "<string>",
    "buyFeePercentage": 123,
    "sellFeePercentage": 123,
    "transferFeePercentage": 123,
    "maxWalletAmountRaw": "<string>",
    "maxSellAmountRaw": "<string>",
    "maxBuyAmountRaw": "<string>",
    "maxTransferAmountRaw": "<string>",
    "isLaunchpadToken": true,
    "top10HoldingsPercentage": 123,
    "top50HoldingsPercentage": 123,
    "top100HoldingsPercentage": 123,
    "top200HoldingsPercentage": 123,
    "isMintable": true,
    "isFreezable": true,
    "proTraderVolume24hPercentage": 123,
    "transferPausable": true,
    "isBlacklisted": true,
    "isHoneypot": true,
    "isNotOpenSource": true,
    "renounced": true,
    "locked": "<string>",
    "isWhitelisted": true,
    "balanceMutable": true,
    "lowLiquidity": "<string>",
    "burnRate": "<string>",
    "modifyableTax": true,
    "selfDestruct": true,
    "staticAnalysisDate": "<string>",
    "liquidityBurnPercentage": 123,
    "securityScore": 123,
    "securityScoreUpdatedAt": "<string>",
    "securityScoreDetails": {
      "base": 123,
      "killed": true,
      "killReason": "<string>",
      "hardKill": {
        "id": "<string>",
        "reason": "<string>",
        "description": "<string>",
        "meta": {}
      },
      "checks": [
        {
          "id": 8,
          "name": "<string>",
          "delta": 123,
          "rawDelta": 123,
          "cap": 123,
          "cexAdjusted": true,
          "meta": {}
        }
      ],
      "hardFloors": [
        {
          "id": "<string>",
          "description": "<string>",
          "maxScore": 123,
          "meta": {}
        }
      ],
      "cexMultiplier": 123,
      "tier1Cexes": [
        "<string>"
      ],
      "inputs": {
        "chainId": "<string>",
        "address": "<string>",
        "liquidityUSD": 123,
        "marketCapUSD": 123,
        "volume24hUSD": 123,
        "organicVolume24hUSD": 123,
        "organicRatio": 123,
        "priceChange24hPct": 123,
        "holdersCount": 123,
        "top10HoldingsPct": 123,
        "lpHoldingsPct": 123,
        "bundlersCount": 123,
        "bundlersHoldingsPct": 123,
        "insidersCount": 123,
        "insidersHoldingsPct": 123,
        "snipersCount": 123,
        "snipersHoldingsPct": 123,
        "devHoldingsPct": 123,
        "proTradersCount": 123,
        "proTradersHoldingsPct": 123,
        "deployerTokensCount": 123,
        "deployerMigrationsCount": 123,
        "migrationRate": 123,
        "tier1Cexes": [
          "<string>"
        ],
        "cexMultiplier": 123,
        "ageDays": 123,
        "bondedAgeDays": 123,
        "securityFlags": {},
        "securitySourcesAvailable": [
          "<string>"
        ],
        "liquidityMaxUSD": 123
      },
      "rawScore": 123,
      "finalScore": 123,
      "computedAt": "<string>"
    },
    "liquidityAnalysis": [
      {
        "poolAddress": "<string>",
        "poolType": "<string>",
        "burnedPercentage": 123,
        "lockedPercentage": 123,
        "contractPercentage": 123,
        "unlockedPercentage": 123,
        "topHolders": [
          {
            "address": "<string>",
            "percentage": 123,
            "protocol": "<string>"
          }
        ]
      }
    ]
  },
  "hostname": "<string>"
}

Documentation Index

Fetch the complete documentation index at: https://docs.mobula.io/llms.txt

Use this file to discover all available pages before exploring further.

Overview

The Token Security endpoint provides detailed security and restriction data for tokens on EVM and Solana chains. It aggregates data from multiple sources to identify potential red flags, holding distributions, fee structures, transfer limitations, contract risks, and minting/freezing capabilities that may affect trading.

Data Sources

Security data is aggregated from multiple sources for comprehensive analysis:
SourceDescriptionChain Support
GoPlus APIPrimary security provider analyzing contract bytecode and on-chain behavior for honeypots, taxes, ownership, blacklists, and moreEVM + Solana
Static Code AnalysisDeep source code analysis that detects hidden risks in verified contracts (balance manipulation, hidden minting, honeypot mechanisms)EVM only
On-chain RPCDirect blockchain queries for real-time data (holdings, max limits, mint/freeze authorities)EVM + Solana
IsHoneypot ServiceSpecialized honeypot detection via simulated tradesEVM only

Static Code Analysis Details

For EVM tokens with verified source code on block explorers (Etherscan, etc.), our static analysis can detect:
  • Balance manipulation (balanceMutable): Hidden functions that allow arbitrary balance modifications
  • Minting capabilities (isMintable): Hidden or obfuscated minting functions
  • Transfer restrictions (transferPausable): Mechanisms to pause or block transfers
  • Blacklist/Whitelist (isBlacklisted, isWhitelisted): Address restriction mechanisms
  • Tax manipulation (modifyableTax): Ability to change fees after deployment
  • Honeypot mechanisms (isHoneypot): Code patterns preventing sells
  • Self-destruct (selfDestruct): Contract can be destroyed, stealing funds
Static analysis runs on tokens meeting liquidity thresholds and takes precedence over other sources when it detects risks.

GET Method - Single Item Query

Retrieve security information for a single token.

Query Parameters

  • blockchain (required) — The blockchain identifier (e.g., evm:1, evm:56, solana:solana, ethereum, bsc)
  • address (required) — Token contract address

Step-by-Step Tutorial and Video Walkthrough

  • Check out the guide: Here

Usage Examples

curl -X GET "https://api.mobula.io/api/2/token/security?blockchain=evm:1&address=0xe538905cf8410324e03a5a23c1c177a474d59b2b"

curl -X GET "https://api.mobula.io/api/2/token/security?blockchain=solana:solana&address=FMhPkAX5XLA2n6KvBqUTML5JLCdHZ7v2H4BfAbUucSuz"

Response Format

{
  "data": {
    "address": "0xe538905cf8410324e03a5a23c1c177a474d59b2b",
    "chainId": "evm:1",
    "contractHoldingsPercentage": 2.5,
    "contractBalanceRaw": "25000000000000000000000",
    "burnedHoldingsPercentage": 45.8,
    "totalBurnedBalanceRaw": "458000000000000000000000",
    "buyFeePercentage": 5.0,
    "sellFeePercentage": 5.0,
    "transferFeePercentage": 0.0,
    "maxWalletAmountRaw": "1000000000000000000000",
    "maxSellAmountRaw": "500000000000000000000",
    "maxBuyAmountRaw": "750000000000000000000",
    "maxTransferAmountRaw": "500000000000000000000",
    "isLaunchpadToken": false,
    "top10HoldingsPercentage": 45.2,
    "top50HoldingsPercentage": 68.5,
    "top100HoldingsPercentage": 82.1,
    "top200HoldingsPercentage": 91.3,
    "isMintable": false,
    "isFreezable": false,
    "proTraderVolume24hPercentage": 12.5,
    "transferPausable": false,
    "isBlacklisted": false,
    "isHoneypot": false,
    "isNotOpenSource": false,
    "renounced": true,
    "locked": "0.8500",
    "isWhitelisted": false,
    "balanceMutable": false,
    "lowLiquidity": null,
    "burnRate": "0.4580",
    "modifyableTax": false,
    "selfDestruct": false,
    "staticAnalysisStatus": "completed",
    "staticAnalysisDate": "2026-01-09T10:30:00.000Z",
    "liquidityBurnPercentage": 85.5,
    "liquidityAnalysis": [
      {
        "poolAddress": "0xa43fe16908251ee70ef74718545e4fe6c5ccec8f",
        "poolType": "uniswap-v2",
        "burnedPercentage": 36.4,
        "lockedPercentage": 0.0,
        "contractPercentage": 0.8,
        "unlockedPercentage": 62.8,
        "topHolders": [
          { "address": "0x371d986236...", "percentage": 31.8, "type": "unlocked", "protocol": null },
          { "address": "0x000000000000000000000000000000000000dead", "percentage": 20.6, "type": "burned", "protocol": null },
          { "address": "0x663a5c229c...", "percentage": 16.2, "type": "locked", "protocol": "Unicrypt" }
        ]
      }
    ]
  }
}

Response Fields

Core Fields

  • address (string) — Token contract address (checksummed for EVM)
  • chainId (string) — Blockchain chain ID (e.g., evm:1, solana:solana)

Holdings Analysis

  • contractHoldingsPercentage (number | null) — Percentage of total supply held by the contract itself. High values (>10%) may indicate centralization risks or potential honeypot mechanisms. EVM only.
  • contractBalanceRaw (string | null) — Raw balance of tokens held by the contract address (in smallest unit). EVM only.
  • burnedHoldingsPercentage (number | null) — Percentage of total supply sent to dead/burn addresses. Higher values generally indicate deflationary tokenomics. EVM only.
  • totalBurnedBalanceRaw (string | null) — Raw total balance of tokens sent to burn addresses (in smallest unit). EVM only.

Holder Distribution

  • top10HoldingsPercentage (number | null) — Percentage of total supply held by the top 10 holders (excluding liquidity pools). High concentration may indicate whale risk.
  • top50HoldingsPercentage (number | null) — Percentage of total supply held by the top 50 holders (excluding liquidity pools).
  • top100HoldingsPercentage (number | null) — Percentage of total supply held by the top 100 holders (excluding liquidity pools).
  • top200HoldingsPercentage (number | null) — Percentage of total supply held by the top 200 holders (excluding liquidity pools).

Fee Structure

  • buyFeePercentage (number) — Fee percentage charged on buy transactions (0-100 scale). Extracted from the token contract’s security configuration.
  • sellFeePercentage (number) — Fee percentage charged on sell transactions (0-100 scale). Extracted from the token contract’s security configuration.
  • transferFeePercentage (number) — Fee-on-transfer tax applied to user-to-user transfers (0-100 scale). Measured on-chain via a two-hop ERC20 transfer in the honeypot simulation (whale → intermediary → recipient) to avoid whale-side fee exemptions, reconciled with the higher of the simulation / honeypot.is value. EVM only (Solana tokens return 0).

Transfer Restrictions (EVM Only)

These fields attempt to query various common function names used by contracts to restrict transfers:
  • maxWalletAmountRaw (string | null) — Maximum token balance an address can hold (in wei/smallest unit). Null if no restriction exists.
    • Common function names checked: _maxWalletToken, maxWalletToken, maxWallet, _maxWalletBalance, maxWalletAmount, _maxWalletSize, MaxWalletSize, _walletMax, maxWalletSize
  • maxSellAmountRaw (string | null) — Maximum amount that can be sold in a single transaction (in wei/smallest unit). Null if no restriction exists.
    • Common function names checked: maxSellTransactionAmount, maxSellAmount
  • maxBuyAmountRaw (string | null) — Maximum amount that can be bought in a single transaction (in wei/smallest unit). Null if no restriction exists.
    • Common function names checked: maxBuyTransactionAmount, maxBuyAmount, maxBuy
  • maxTransferAmountRaw (string | null) — Maximum transaction amount regardless of buy/sell direction (in wei/smallest unit). Null if no restriction exists.
    • Common function names checked: _maxTransactionAmount, _maxTxAmount, maxTransactionAmount, MaxTxAmount, maxTransferAmount, maxTrxnAmount

Token Capabilities

  • isMintable (boolean | null) — Whether the token can have additional supply minted.
    • Solana: Determined via RPC by checking if mintAuthority is set on the mint account
    • EVM: Determined from GoPlus or static analysis if available
    • Source: GoPlus API, Static Code Analysis, On-chain RPC (Solana)
  • isFreezable (boolean | null) — Whether token accounts can be frozen by an authority.
    • Solana: Determined via RPC by checking if freezeAuthority is set on the mint account
    • EVM: Returns null (not applicable)

Contract Security Flags

These flags indicate potential security risks detected by GoPlus and/or static code analysis:
  • isHoneypot (boolean | null) — Whether the token is identified as a honeypot (can buy but cannot sell).
    • Source: GoPlus API, Static Code Analysis, IsHoneypot Service
    • Risk: 🔴 Critical - Unable to sell tokens
  • isNotOpenSource (boolean | null) — Whether the contract source code is NOT verified/open source.
    • Source: GoPlus API
    • Risk: 🟠 High - Cannot audit contract behavior
  • renounced (boolean | null) — Whether ownership has been renounced (owner is zero address or safe known address).
    • Source: GoPlus API
    • Risk: 🟢 Good if true - No owner can modify contract
  • locked (string | null) — Percentage of LP tokens that are locked (0-1 scale as decimal string, e.g., “0.8500” = 85%).
    • Source: GoPlus API
    • Risk: Higher is better - Locked LP prevents rug pulls
  • transferPausable (boolean | null) — Whether transfers can be paused by the owner/authority.
    • Source: GoPlus API, Static Code Analysis
    • Risk: 🟠 Medium - Owner can freeze trading
  • isBlacklisted (boolean | null) — Whether a blacklist mechanism exists (addresses can be blocked from trading).
    • Source: GoPlus API, Static Code Analysis
    • Risk: 🟠 Medium - Specific addresses can be blocked
  • isWhitelisted (boolean | null) — Whether a whitelist mechanism exists (only approved addresses can trade).
    • Source: GoPlus API, Static Code Analysis
    • Risk: 🟠 Medium - Trading restricted to approved addresses
  • balanceMutable (boolean | null) — Whether the owner can arbitrarily modify token balances.
    • Source: GoPlus API, Static Code Analysis
    • Risk: 🔴 Critical - Owner can steal or manipulate funds
  • modifyableTax (boolean | null) — Whether buy/sell taxes can be modified after deployment.
    • Source: GoPlus API, Static Code Analysis
    • Risk: 🟠 Medium - Owner can increase fees unexpectedly
  • selfDestruct (boolean | null) — Whether the contract contains a self-destruct function.
    • Source: GoPlus API, Static Code Analysis
    • Risk: 🔴 Critical - Contract can be destroyed, funds lost
  • lowLiquidity (string | null) — Indicates low liquidity warning (value varies by source).
    • Source: GoPlus API
    • Risk: 🟡 Low - High slippage on trades
  • burnRate (string | null) — Percentage of supply that has been burned (decimal string, e.g., “0.4580” = 45.8%).
    • Source: GoPlus API, On-chain RPC
    • Risk: 🟢 Informational - Higher values indicate deflationary tokenomics

Static Analysis Status

  • staticAnalysisStatus (string | null) — Current status of the static code analysis for this token:
    • completed — Analysis has been performed, results are included in security flags
    • pending — Analysis has been triggered, results will be available on next request
    • not_available — Chain not supported for static analysis or service unavailable
    • insufficient_liquidity — Token doesn’t meet minimum liquidity requirements (default: $5,000)
    • not_evm — Static analysis only available for EVM chains
  • staticAnalysisDate (string | null) — ISO 8601 timestamp of when static analysis was last performed. Only present when staticAnalysisStatus is completed.
Static analysis is automatically triggered when you query /token/security for EVM tokens with verified source code that meet liquidity requirements. Results are typically available within seconds on subsequent requests.

Liquidity Analysis

  • liquidityBurnPercentage (number | null) — Percentage (0-100) of liquidity pool tokens that have been sent to dead/zero addresses (burned). Higher values indicate the liquidity provider cannot rug pull by removing liquidity. Returns null if data is not available. On-chain verification (Solana): For PumpSwap, Raydium AMM v4, Raydium CPMM, and Meteora DYN pools, the LP burn percentage is verified directly on-chain by reading the LP mint supply and checking holder addresses against known dead addresses. This provides accurate data even when third-party providers (GoPlus) return incorrect values — e.g. PumpFun tokens migrated to PumpSwap have 100% LP burned by design.
  • liquidityAnalysis (array | null) — Per-pool breakdown of LP holder distribution for the top 3 pools by 24h volume. Each entry contains:
    • poolAddress (string) — On-chain pool address
    • poolType (string) — DEX protocol type (see supported protocols below)
    • burnedPercentage (number) — LP tokens sent to dead/burn addresses (0-100)
    • lockedPercentage (number) — LP tokens held by known locker contracts (0-100)
    • contractPercentage (number) — LP tokens held by other contracts (0-100)
    • unlockedPercentage (number) — LP tokens held by regular wallets (0-100)
    • topHolders (array) — Top LP holders with address, percentage, type (burned | locked | contract | unlocked), and protocol (locker name if locked, e.g. “Unicrypt”)

Supported Pool Types

EVM — Fungible LP tokens (V2-style):
Pool TypeProtocolChains
uniswap-v2Uniswap V2 (+ forks)Ethereum, Base, BSC, Arbitrum, etc.
camelot-v2Camelot V2Arbitrum
balancerBalancerEthereum, Arbitrum, etc.
curveCurveEthereum, Arbitrum, etc.
fluidFluidEthereum
EVM — Concentrated Liquidity (V3/V4-style, NFT positions):
Pool TypeProtocolChains
uniswap-v3Uniswap V3Ethereum, Base, Arbitrum, etc.
uniswap-v4Uniswap V4Ethereum, Base, Arbitrum, etc.
pcs-infinity-clPancakeSwap Infinity CLBSC
solidly-v3Solidly V3 / Aerodrome CLBase
clanker-v3 / clanker-v4ClankerBase
zora-v3 / zora-v4ZoraZora Network
Solana — Fungible LP tokens:
Pool TypeProtocolAnalysis Method
pumpswapPumpSwapLP mint holders via getTokenLargestAccounts
raydiumRaydium AMM V4LP mint holders via getTokenLargestAccounts
raydium-cpmmRaydium CPMMLP mint holders via getTokenLargestAccounts
meteora-dyn / meteora-dyn2Meteora Dynamic AMMLP mint holders via getTokenLargestAccounts
meteora-dbcMeteora DBCLP mint holders via getTokenLargestAccounts
Solana — Concentrated Liquidity (CLMM, indexed RPC):
Pool TypeProtocolAnalysis Method
orcaOrca WhirlpoolNFT position scanning via getProgramAccounts + owner resolution
meteoraMeteora DLMMPosition scanning via getProgramAccounts (owner embedded in account)
Raydium CLMM is not currently supported for liquidity analysis — Raydium V3 no longer stores individual position accounts on-chain.

Holder Classification

Each LP holder is classified into one of four types:
TypeDescription
burnedLP tokens sent to known dead/burn addresses. Liquidity is permanently locked and cannot be removed.
lockedLP tokens held by a known locker protocol. Liquidity is locked for a defined period.
contractLP tokens held by an unrecognized smart contract. May or may not be locked.
unlockedLP tokens held by a regular wallet (EOA). Liquidity can be removed at any time.
Recognized burn addresses:
ChainAddresses
EVM0x0000...0000, 0x...dead, 0xdead...4206, 0x0000...0001
Solana1111...1112, 1111...1113, 1nc1nerator1111...1111
Recognized LP locker protocols:
ProtocolChains
UnicryptEthereum, BSC, Arbitrum, Base
Team FinanceEthereum, BSC
PinkLockEthereum, BSC, Arbitrum, Base
Mudra LockerBSC

Market Analysis

  • isLaunchpadToken (boolean | null) — Whether the token comes from (or is still on) a bonding curve/launchpad (e.g., Pump.fun, Moonshot, Raydium Launchlab, Boop, Meteora DBC, Heaven). true indicates the token originated from a bonding curve mechanism, regardless of whether it has since graduated to a regular DEX pool.
  • proTraderVolume24hPercentage (number | null) — Estimated percentage of 24h trading volume coming through terminal UIs (Axiom, Phantom, BullX, etc.). Calculated as (feesPaid24h / volume24h) * 100 * 50. Volume that doesn’t pass through these UIs is generally non-organic (bots, direct contract calls). Higher values indicate more legitimate retail/terminal activity.

Chain Support

FeatureEVM ChainsSolanaSource
Contract HoldingsOn-chain RPC
Burned HoldingsOn-chain RPC
Buy/Sell FeesGoPlus API
Max Wallet/Buy/Sell/TransferOn-chain RPC
Top X HoldingsToken Service
isMintableGoPlus, Static, RPC
isFreezableOn-chain RPC
isLaunchpadTokenPools Storage
proTraderVolume24hPercentageToken Service
isHoneypotGoPlus, Static, IsHoneypot
isNotOpenSourceGoPlus API
renouncedGoPlus API
lockedGoPlus API
transferPausableGoPlus, Static
isBlacklistedGoPlus, Static
isWhitelistedGoPlus, Static
balanceMutableGoPlus, Static
modifyableTaxGoPlus, Static
selfDestructGoPlus, Static
lowLiquidityGoPlus API
burnRateGoPlus, RPC
staticAnalysisStatusStatic Analysis
staticAnalysisDateStatic Analysis
liquidityBurnPercentageOn-chain RPC, GoPlus
liquidityAnalysisOn-chain RPC (indexed for Solana CLMM)

Important Notes

  1. RPC Preference: This endpoint uses private RPCs when available for better reliability and performance.
  2. Null Values: Many fields may return null for legitimate reasons:
    • The token contract doesn’t implement the specific restriction
    • The function names don’t match common patterns
    • RPC call failed or timed out
    • Feature not supported on the chain type
  3. Data Source Priority: When multiple sources provide the same data:
    • Static analysis takes precedence when it detects a risk (true values override)
    • GoPlus provides baseline security data
    • On-chain RPC provides real-time holdings/limits
  4. Interpretation Guidelines:
    • High contractHoldingsPercentage (>10%): Potential centralization or honeypot risk
    • High burnedHoldingsPercentage: Generally positive, indicates deflationary supply
    • High fees (buyFeePercentage/sellFeePercentage/transferFeePercentage >10%): May limit trading activity or indicate a fee-on-transfer honeypot
    • Transfer restrictions (maxWalletAmountRaw, maxBuyAmountRaw, maxSellAmountRaw): Common anti-whale measures
    • High top10HoldingsPercentage (>50%): Significant supply concentration, potential control risk
    • isMintable = true: Token supply can increase, potential inflation risk
    • isFreezable = true: Token accounts can be frozen by authority (common on Solana)
    • isLaunchpadToken = true: Token originated from a bonding curve (Pump.fun, Moonshot, etc.)
    • Low proTraderVolume24hPercentage: Most volume is non-organic (bots, direct contract calls), potential wash trading
    • isHoneypot = true: 🔴 Critical risk - unable to sell tokens
    • renounced = false: Owner can still modify contract behavior
    • balanceMutable = true: 🔴 Critical risk - owner can steal funds
    • selfDestruct = true: 🔴 Critical risk - contract can be destroyed
  5. Performance: All RPC calls are executed in parallel for optimal response time.

Error Handling

The endpoint returns HTTP 400 for:
  • Missing or invalid blockchain parameter
  • Missing or invalid address parameter
  • Token not found in the system
Other fields gracefully degrade to null if specific data points cannot be retrieved.

Use Cases

  • Due Diligence: Automated security screening for new tokens
  • Trading Bots: Pre-trade validation to avoid tokens with restrictive mechanics
  • Portfolio Risk Analysis: Assess holdings for potential red flags
  • DeFi Integrations: Validate token compatibility with protocols
  • Community Tools: Display security badges or warnings for tokens
  • Supply Control Analysis: Monitor holder concentration and distribution via top X holdings percentages
  • Bonding Curve Origin: Identify tokens that originated from launchpads/bonding curves (Pump.fun, Moonshot, etc.)
  • Organic Volume Detection: Distinguish between terminal UI volume (organic) vs direct/bot volume (non-organic)
  • Rug Pull Prevention: Check locked, renounced, balanceMutable for rug pull risks
  • Honeypot Detection: Multi-source honeypot detection via GoPlus, static analysis, and IsHoneypot service

Query Parameters

chainId
string

Blockchain chain ID (e.g., "evm:56", "solana:solana")

address
string
required

Token contract address

Response

200 - application/json

Token security response with holdings, fees, and transfer restrictions

data
object
required
hostname
string