Token Safety
Anatomy of a Rugpull: 5 Warning Signs in the Contract Code
A rugpull happens when a project developer suddenly withdraws all liquidity or drains the contract, leaving investors with worthless tokens. In 2023 alone, rugpulls accounted for over $2 billion in crypto losses.
The terrifying truth: most rugpulls are premeditated and the escape hatch is written directly into the contract code. Here are the 5 most common warning signs.
Warning Sign #1: Unprotected selfdestruct
Red Flag 01
selfdestruct with no timelock or multisig
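selfdestruct() instantly destroys the contract and sends all of its ETH to a specified address. If the owner can call it at any time, they can drain everything in a single call. (On Ethereum since the Cancun upgrade, EIP-6780 limits code deletion to contracts destroyed in the same transaction that created them, but the ETH transfer still happens, so the drain risk is unchanged.)
// ❌ RUGPULL VECTOR
function emergencyWithdraw() public onlyOwner {
    selfdestruct(payable(owner)); // Instant drain
}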
Warning Sign #2: Hidden mint function
Red Flag 02
Unlimited minting with no cap
If the owner can mint unlimited tokens at any time, they can inflate supply to near-zero value, then dump their holdings while your tokens become worthless.
// ❌ INFLATION RUGPULL
function mint(address to, uint256 amount) public onlyOwner {
    totalSupply += amount;   // No cap!
    balanceOf[to] += amount; // Owner mints to self
}
Warning Sign #3: Owner can drain the liquidity pool
Red Flag 03
Functions that withdraw LP tokens or ETH
If the contract holds liquidity tokens (LP tokens) and the owner can withdraw them, the owner can remove all liquidity from the DEX at any time, crashing the price to zero.
// ❌ LIQUIDITY DRAIN
function removeLiquidity() public onlyOwner {
    uint256 lpBalance = lpToken.balanceOf(address(this));
    lpToken.transfer(owner, lpBalance); // Full drain
}
Warning Sign #4: Pausable transfers with no governance
Red Flag 04
Owner can pause all transfers unilaterally
A pause function itself isn't bad — but if a single owner can pause all transfers with no timelock or governance vote, they can trap your tokens while they exit.
// ❌ TRANSFER TRAP
bool public paused = false;

function pause() public onlyOwner {
    paused = true; // Instantly trap all holders
}

function transfer(address to, uint256 amt) public {
    require(!paused, "Transfers paused");
    // ...
}
Warning Sign #5: High owner token concentration
Red Flag 05
Developer holds excessive supply at launch
If the deployer wallet holds 20%+ of the total supply with no vesting or lock, they can dump their entire bag as soon as the price pumps, cratering the value for everyone else.
// ❌ WHALE ALLOCATION
constructor() {
    totalSupply = 1_000_000_000e18;
    // 40% to deployer — no vesting, no lock
    balanceOf[msg.sender] = 400_000_000e18;
}
⚠️ The rule: Before buying any token, check if the owner can mint, pause, drain liquidity, or selfdestruct. If yes — and there's no timelock, multisig, or governance — it's a rugpull waiting to happen.
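The rule above can be turned into a first-pass source check. The following is an added example, not code from this article or from any scanner: a heuristic Python pass over Solidity source that reports owner-only functions holding one of the four powers, plus a deployer allocation of 20% or more. The names `scan`, `POWERS` and the regexes are assumptions made for this sketch, and it matches text patterns rather than parsing Solidity.

```python
import re

FUNC = re.compile(r"\b(function\s+(\w+)|constructor)\s*\([^)]*\)([^{;]*)\{")
# Body patterns for the owner powers named in the rule (heuristics assumed for this example).
POWERS = {
    "selfdestruct": r"\bselfdestruct\s*\(",
    "mint": r"\btotalSupply\s*\+=",
    "drain": r"\.transfer\s*\(\s*(owner|msg\.sender)\b",
    "pause": r"\bpaused\s*=\s*true\b",
}
# Constructed sample: the article's uncapped mint and 40% allocation, plus a capped mint.
SAMPLE = """
constructor() { totalSupply = 1_000_000_000e18; balanceOf[msg.sender] = 400_000_000e18; }
function mint(address to, uint256 amount) public onlyOwner { totalSupply += amount; }
function mintCapped(uint256 a) public onlyOwner { require(totalSupply + a <= CAP); totalSupply += a; }
"""

def strip_comments(src):
    return re.sub(r"//[^\n]*|/\*.*?\*/", "", src, flags=re.S)

def functions(src):
    """Yield (name, modifiers, body) using brace matching on comment-free source."""
    for m in FUNC.finditer(src):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(2) or "constructor", m.group(3), src[m.end():i - 1]

def sol_int(lit):
    """Parse a Solidity decimal literal such as 1_000_000_000e18."""
    mant, _, exp = lit.replace("_", "").partition("e")
    return int(mant) * 10 ** int(exp or 0)

def scan(source, max_owner_share=0.20):
    findings = []
    for name, mods, body in functions(strip_comments(source)):
        if "onlyOwner" in mods:
            for power, pat in POWERS.items():
                # A mint guarded by any require() is treated as capped (heuristic).
                capped = power == "mint" and "require" in body
                if re.search(pat, body) and not capped:
                    findings.append((name, power))
        if name == "constructor":
            total = re.search(r"totalSupply\s*=\s*([\d_e]+)", body)
            own = re.search(r"balanceOf\[msg\.sender\]\s*=\s*([\d_e]+)", body)
            if total and own and sol_int(own[1]) / sol_int(total[1]) >= max_owner_share:
                findings.append((name, "concentration"))
    return findings
```

A finding only means the power exists in the source; whether the owner address is a timelock or multisig still has to be checked on-chain.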
Safe Alternatives
Renounced ownership — Owner renounces after launch, making the contract immutable.
Timelock contracts — All owner actions require a 24-48h delay, giving community time to react.
Multisig — Multiple signers required for sensitive actions, no single point of failure.
Locked liquidity — LP tokens locked in a third-party contract for 1+ years.