> For the complete documentation index, see [llms.txt](https://docs.j.tools/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.j.tools/guides/verify-token-safe.md).

# Verify a token before you buy

**Short answer:** a Solana token is reasonably safe to buy when its mint and freeze authorities are revoked, its metadata is locked, its liquidity is burned or time-locked, and no small cluster of wallets holds most of the supply. Every one of those is on-chain, so you can verify it yourself before you risk a cent.

Nothing here is financial advice, and a clean checklist does not make a token a good investment. It only rules out the most common ways a token is built to be pulled out from under you.

```mermaid
flowchart TD
  A[Token you want to buy] --> B{Mint authority revoked?}
  B -- No --> X[Higher risk, be cautious]
  B -- Yes --> C{Freeze authority revoked?}
  C -- No --> X
  C -- Yes --> D{Liquidity locked or burned?}
  D -- No --> X
  D -- Yes --> Y[Lower risk, still do your own research]

  classDef brand fill:#EF2A2A,stroke:#EF2A2A,color:#ffffff,font-weight:bold;
  classDef soft fill:#1f2937,stroke:#374151,color:#e5e7eb;
  class X,Y brand;
  class A,B,C,D soft;
```

## What you need

* A token mint address (CA), the long string the project shares.
* A Solana explorer open in another tab (Solscan, Solana Explorer, or similar) to read the mint's on-chain flags.
* [Token Snapshot](/tools/utilities/token-snapshot.md) to read holder distribution. The scan is read-only and never touches your wallet's holdings.

{% hint style="info" %}
This is all reading, not signing. You inspect public on-chain state, so you don't need to connect a wallet to look at an explorer. Token Snapshot does ask you to connect, but the scan only reads the chain and moves nothing.
{% endhint %}

## The rug check, step by step

{% stepper %}
{% step %}

### Check the mint authority

Open the mint on an explorer and find the **mint authority**. If it reads as revoked, null, or "none", supply is fixed and nobody can print more. If a wallet address is still listed, that wallet can mint unlimited new tokens whenever it wants and dilute you to zero. A live mint authority on a token that claims a fixed supply is the loudest red flag on this list.
{% endstep %}

{% step %}

### Check the freeze authority

On the same mint, find the **freeze authority**. Revoked means no account can ever be frozen, so once you buy, your balance stays free to move. If a wallet still holds the freeze authority, that wallet can freeze your token account at will and lock you out of selling. Most honest community tokens have no reason to keep this, so a live freeze authority deserves a hard question.
{% endstep %}

{% step %}

### Confirm the metadata is locked

Look at the **update authority** on the metadata. When it is revoked, the name, symbol, and image are permanent. When it is live, the project can rewrite the token's identity after you buy, launching as one thing and editing into another. A locked identity is what stops a bait-and-switch. See [Token authorities](/concepts/authorities.md) for how all three of these keys work.
{% endstep %}

{% step %}

### Verify liquidity is locked or burned

A token needs a liquidity pool to trade, and the question is whether the team can drain it. Find the LP position and check whether the LP tokens were **burned** (destroyed, so the pool can never be withdrawn) or **time-locked** (held by a locker contract until a future date). If the LP tokens sit in the deployer's own wallet, unlocked, the team can pull the pool in one transaction and leave holders with worthless tokens. That is the classic rug, and burned or locked liquidity is the on-chain proof it cannot happen.
{% endstep %}

{% step %}

### Read the holder distribution

Run the mint through [Token Snapshot](/tools/utilities/token-snapshot.md). It returns a ranked holder list with each wallet's balance and share of supply. Scan the top: if one or two wallets hold a large slice of the circulating supply, they can dump and crater the price at any moment. Exclude the pool, burn, and known locker addresses, then judge how concentrated the rest is. A long, flat tail of many small holders is healthier than a few whales sitting on everything.

[**Run a Holder Snapshot in the app →**](https://j.tools/en/tools/token-snapshot)
{% endstep %}

{% step %}

### Check the contract age and history

A mint created minutes ago with no trading history carries more unknowns than one that has traded for weeks. New is not automatically bad, but a brand-new mint paired with heavy pressure to buy right now is a pattern worth slowing down for. Check when the mint was created and how its first transactions look on the explorer.
{% endstep %}
{% endstepper %}

## What each red flag means

| You see                                | What it means                                                            | How worried to be                                                |
| -------------------------------------- | ------------------------------------------------------------------------ | ---------------------------------------------------------------- |
| Mint authority still live              | Supply can be inflated. The team can print more and dilute every holder. | High. On a "fixed supply" token, treat it as disqualifying.      |
| Freeze authority still live            | Your token account can be frozen, blocking you from selling.             | High for a community token. Ask why it is kept.                  |
| Update authority still live            | The name, symbol, and image can be changed after launch.                 | Medium to high. Identity is not final.                           |
| LP tokens in deployer wallet, unlocked | The team can withdraw the pool and rug holders in one transaction.       | High. This is the most common exit.                              |
| One or two wallets hold most supply    | A single sell can crash the price. Concentration is leverage over you.   | High when it is insiders; lower when it is a locker or treasury. |
| Mint created minutes ago, no history   | Untested, no track record, easy to abandon.                              | Context-dependent. Pair with the flags above.                    |

{% hint style="warning" %}
Read these flags together, not in isolation. A high concentration number is normal right after launch and alarming a month in. Burned liquidity means little if the mint authority is still live. The full picture is what tells you something, not any single field.
{% endhint %}

## Notes and limits

* **Concentration needs context.** The liquidity pool itself, the burn address, and locker contracts all show up as large "holders" in any snapshot. They are not insiders. Identify and set them aside before you judge how concentrated real holders are.
* **A clean mint is necessary, not sufficient.** Revoked authorities and locked liquidity remove the built-in exits. They say nothing about whether the project ships, the team is real, or the price holds. Do the rest of your own research.
* **The chain is the source of truth.** A project's website or chat can claim anything. The explorer and a holder snapshot show what is actually true. When the words and the chain disagree, believe the chain.

For a launcher's view of the same checklist, read [Make your token rug-proof](/guides/rug-proof-token.md). It walks through revoking authorities and locking liquidity from the deployer's side, the mirror image of the [Token authorities](/concepts/authorities.md) keys you read here as a buyer.

## FAQ

<details>

<summary>How do I check mint and freeze authority myself?</summary>

Paste the mint address into a Solana explorer and open the token's page. The mint authority and freeze authority are listed in the mint account details. "Revoked", null, or "none" is what you want to see. A wallet address means that authority is still live. [Token authorities](/concepts/authorities.md) explains each one in depth.

</details>

<details>

<summary>What holder concentration counts as "too much"?</summary>

There is no universal cutoff, and it depends on the token's age and design. The practical move is to exclude the pool, burn, and locker addresses, then look at how much the remaining top wallets hold. A handful of real wallets holding the majority of supply is a concentration risk because any one of them can move the price. Use [Token Snapshot](/tools/utilities/token-snapshot.md) to see the exact shares and decide for yourself.

</details>

<details>

<summary>Does locked liquidity guarantee the token is safe?</summary>

No. Locked or burned liquidity only proves the pool cannot be pulled. The team can still hold a large supply, the project can still fail, and a time-lock eventually expires. It removes one specific risk, the liquidity rug, and leaves the rest for you to judge.

</details>

<details>

<summary>Is a brand-new token automatically a scam?</summary>

No. Every legitimate token was new once. A fresh mint just means less history to learn from, so the other checks carry more weight. Be more cautious when a new mint is paired with pressure to buy immediately.

</details>

<details>

<summary>Does running a holder snapshot expose my wallet or move my funds?</summary>

No. [Token Snapshot](/tools/utilities/token-snapshot.md) performs a read-only scan of on-chain state. It reads balances and never takes custody of anything.

{% hint style="success" %}
**J Tools is non-custodial.** We never hold your private keys and never ask for them. Every transaction is built in your browser and signed by your own wallet. If any page ever asks you to paste a private key, stop, close it, and let us know.
{% endhint %}

</details>

## Related pages

{% content-ref url="/pages/GJDrT6dgbr2AtEdxUrnc" %}
[Mint, freeze and update authorities](/concepts/authorities.md)
{% endcontent-ref %}

{% content-ref url="/pages/IkDuDGRTPYj2wcjtbIre" %}
[Holder Snapshot and Analytics](/tools/utilities/token-snapshot.md)
{% endcontent-ref %}

{% content-ref url="/pages/RqWhckocdjrI0CmkTW3v" %}
[Make your token rug-proof](/guides/rug-proof-token.md)
{% endcontent-ref %}

Or skip the manual explorer hop and read the same flags in one pass: [**Explore the tools in the app →**](https://j.tools/en/tools)


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.j.tools/guides/verify-token-safe.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.